ID: 38152 Updated by: [EMAIL PROTECTED] Reported By: businessman332211 at hotmail dot com -Status: Open +Status: Bogus Bug Type: *Encryption and hash functions Operating System: linux server PHP Version: 4.4.2 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2006-07-19 21:25:03] businessman332211 at hotmail dot com Description: ------------ I use crypt, I use the first 2 letters of the username and create a encryption, like below under encryption then database $password into the database perfect. Now I come to where I am testing to see if it matches someone goes to login in, they enter username, and password, I take there username, user it as salt to encrypt there password in the same way, I take there username, and there password and run it against the db for a match, if it matches it returns true and pulls the result. If it doesn't it returns false supposedly, if it's just 1 character off then it doesn't work. I used 951103902 for instance if I add an extra letter at the end, or change one before it, it still returns true, I tried it with random words too, this isn't suppose to happen. Reproduce code: --------------- //encrypt $salt = substr($username, 0, 2); $password = crypt($password, $salt); //decrypt $salt = substr($username, 0, 2); $enteredpass = crypt($enteredpass, $salt); if ($enteredpass === $password){ echo "The passwords match"; }else { echo "The password is incorrect"; } Expected result: ---------------- I expect it to encrypt the password using crypt with the first 2 letters of whatever username. which it does then when I go to retrieve it with the persons entered information, if they typed the same password and username earlier, I expect it to get a match on the password, but it doesn't Actual result: -------------- it doesn't match all the time, it does if it's right, if it's way off it returns false, which is good, but if it's close to a match but a little off it returns true ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=38152&edit=1
