ID: 49954
Comment by: vdklah at hotmail dot com
Reported By: rgr at woodwing dot com
Status: Open
Bug Type: *Encryption and hash functions
Operating System: win32 only - Win XP 64-bit
PHP Version: 5.3.0
New Comment:
This problem is pretty bad; After PHP 5.2->5.3 migration, users having
short passwords are no longer allowed to login (to our system) due to
the crypt mismatch! And, even worse, they are not allowed to change
their password due to the very same problem!
Previous Comments:
------------------------------------------------------------------------
[2009-10-22 11:51:05] rgr at woodwing dot com
Description:
------------
The function Crypt() does not work with less than 4 characters in PHP
5.3.0. See the code sample below.
When using 'test' as $user_input and $password it does work correct.
Reproduce code:
---------------
---
>From manual page: function.crypt#Examples
---
$user_input = 'tes';
$password = crypt('tes'); // let the salt be automatically generated
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
Expected result:
----------------
The comparison should result true.
Actual result:
--------------
The comparison returns false.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49954&edit=1
