At registration, a user's password is encrypted by php's md5 and stored
in a client login table.
On login, the client's password as provided in a login form, is run
through md5 hashing and submitted to the server for authentication.
Pretty standard stuff!
BUT authentication always fails.
To get a grip on this, I set up a record with a specific password. For
some reason I cannot understand, the md5 hash written into postgresql
does not correspond with the echoing back of the hash at login attempts.
In both instances, the hashing is consistent.
The login is performed under ssl. Changing it to run under http makes no
difference - the hashing remains the same.
The data base provides a character varying(32) column for the hashed
password.
Can someone help me out of this morass???
Much appreciated!
