I'm developing a small web application to allow user to change
their passwords.
In the authentication phase I need to check that the user has inserted
the right password. To do this I query the dbmail_users table like this:
select * from dbmail_users where userid='[EMAIL PROTECTED]' and
password=md5('password');
Well, to make it short this doesn't always work.
I have imported users from an old vpopmail installation and all the
passwords
begin with "$1$...".
If I try
select md5("password")
the result doesn't begin with "$".
If I replace my password with md5('mypassword') it works correctly, however.
This leads me to think that the dbmail authentication mechanism checks the
supplied passwords more than in one way, before accepting or denying access.
So my request is: can the developers tell me what other check should I
enforce,
both as mysql functions (I don't believe there are any beside than md5()) or
operating system calls (perl, for example), to get all the possible
encodings of my
password?
Thanks.
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
