ID: 49954
Updated by: [email protected]
Reported By: rgr at woodwing dot com
-Status: Open
+Status: Assigned
Bug Type: *Encryption and hash functions
Operating System: win32 only - Win XP 64-bit
PHP Version: 5.3.0
-Assigned To:
+Assigned To: pajoye
Previous Comments:
------------------------------------------------------------------------
[2009-10-27 13:44:50] vdklah at hotmail dot com
This problem is pretty bad; After PHP 5.2->5.3 migration, users having
short passwords are no longer allowed to login (to our system) due to
the crypt mismatch! And, even worse, they are not allowed to change
their password due to the very same problem!
------------------------------------------------------------------------
[2009-10-22 11:51:05] rgr at woodwing dot com
Description:
------------
The function Crypt() does not work with less than 4 characters in PHP
5.3.0. See the code sample below.
When using 'test' as $user_input and $password it does work correct.
Reproduce code:
---------------
---
>From manual page: function.crypt#Examples
---
$user_input = 'tes';
$password = crypt('tes'); // let the salt be automatically generated
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
Expected result:
----------------
The comparison should result true.
Actual result:
--------------
The comparison returns false.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49954&edit=1
