[Tutor] CGI problem.

[Kent Johnson]

At 03:05 PM 11/7/2004 +0200, Mark Kels wrote:
>First, I got 49 characters and not 16 in the hash
>(\xc8\xff\xe9\xa5\x87\xb1&\xf1R\xed=\x89\xa1F\xb4E).

Actually I think that is 16 characters. Many of them are being printed as 
\x escapes. For example \xc8 represents a single character.

>But, anyway, It doesn't help me...
>I think the problem is to hash the user input (I 
>get  ��饇�&�R�=��F�E,
>and not the real hash).

How is the user input getting converted to UTF-8? The CGI you posted before 
showed a content-type of text/html with no charset specified. Usually a 
browser will return form data in the same charset as the page containing 
the form.

Anyway, I suggest you break your problem in two. One problem is getting 
recognizable data from the user in a CGI form. The other problem is 
computing MD5 hashes and comparing against the value in a file.

For the CGI piece, see if you can write a program that accepts a password 
from the user and prints it out, or compares it to a hard-coded string. 
Make sure you get the data you expect in the CGI.

For the MD5 piece, write a program that takes a known correct password, 
computes the MD5 hash and compares it with what is in a file.

When you have both of these working, you can combine them into one program. 
If you initially write the CGI with a checkPassword() function that just 
compares to a fixed string, you can later drop in a checkPassword() 
function you develop for the second program. You could even write the MD5 
part as a module, then the CGI program just has to import the 
checkPassword() function from the module.

Kent