Encrypting with the API has different results?

[Eliav]

Hey guys,

I'm working on a script that would require the user to enter their username and password (for verification) and I was hoping to just compare the encrypted password and username to the database but for some reason, whenever I test the encryption, it gives a different string for the same text every time the page is refreshed (If that makes sense).

 

I'm just starting on the code so its still pretty much the regular API.

<?php
$url = "http://MYDOMAIN/includes/api.php"; # URL to WHMCS API file
$postfields["username"] = "MYADMIN";
$postfields["password"] = "MYMD5PASS";
$postfields["action"] = "encryptpassword";
$postfields["password2"] = "atestpass";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$data = curl_exec($ch);
curl_close($ch);

$data = explode(";",$data);
foreach ($data AS $temp) {
 $temp = explode("=",$temp);
 $results[$temp[0]] = $temp[1];
}

if ($results["result"]=="success") {
 # Result was OK!
 echo $results["password"];

} else {
 # An error occured
 echo "The following error occured: ".$results["message"];
}

?>

When I view the page, it would sometimes end up being something like

B5LlHyPmXXbAF3LmUU5WyO0aAqaaPU7Rg8Jab4G

 

but if I refresh again (with the same exact code) it would be something completely different...

 

Ideas? Or was that the way it was built to be?

 

I basically need to verify that the user is really the user they say they are (which is why I am having them login again) and not a hacker.

I cant use the session logged in status because the file will be hosted on an another server (separate from my whmcs domain).

Otherwise I could easily do it

 

Thanks!

 

-Eliav

Edited December 28, 2008 by Eliav