Hi.
Since you inherited this code, and all the systems you are using are
using double for base_convert(), then the resulting base 36 passwords
are valid only for the first 10 characters (53 bits). So instead of
checking passwords like:
if ($hashPassword == $hashPasswordFromDatabase) {
    // user is authenticated
}
use:
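// === compares as strings; == would compare numeric-looking values
// such as "0e12345678" as numbers
if (substr($hashPassword, 0, 10) === substr($hashPasswordFromDatabase, 0, 10)) {
    // user is authenticated
}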
-Craig
On Jul 29, 9:00 pm, Stu Meads <[email protected]> wrote:
> The code is login code, and as it is, none of the hashed passwords will
> work for a few 1000 users if it's moved.
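
The prefix check described in the reply above, written as a reusable function. This is an added example, not code from the thread: the helper name legacyHashMatches, the constant LEGACY_PREFIX_LEN and the sample hash strings are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Leading base-36 characters that survive the conversion through a double
// (the "first 10 characters (53 bits)" from the reply above).
const LEGACY_PREFIX_LEN = 10;

/**
 * Hypothetical helper: compare a freshly computed legacy hash with the
 * stored one on the reliable prefix only.
 */
function legacyHashMatches(string $computed, string $stored): bool
{
    // Refuse anything shorter than the prefix, so an empty or truncated
    // database column can never match an empty or truncated input.
    if (strlen($computed) < LEGACY_PREFIX_LEN || strlen($stored) < LEGACY_PREFIX_LEN) {
        return false;
    }

    $computedPrefix = substr($computed, 0, LEGACY_PREFIX_LEN);
    $storedPrefix   = substr($stored, 0, LEGACY_PREFIX_LEN);

    // hash_equals() compares byte by byte as strings, in constant time.
    // A loose == treats numeric-looking prefixes such as "0e12345678"
    // as numbers, so two different prefixes can compare equal.
    return hash_equals($storedPrefix, $computedPrefix);
}

// Constructed sample values, not real hashes.
$stored   = '3w5e11264sgsg8k0w4'; // as saved by the old server
$computed = '3w5e11264sgsf0ck88'; // same password on the new server, tail differs

// Same first 10 characters, different tail.
var_dump(legacyHashMatches($computed, $stored));

// Empty values on both sides.
var_dump(legacyHashMatches('', ''));

// Two different numeric-looking prefixes: loose == first, then the helper.
var_dump('0e12345678' == '0e87654321');
var_dump(legacyHashMatches('0e12345678zz', '0e87654321zz'));
```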