I have a question about the way I'm using the crypt function in a PHP/SQL
gradebook I'm building.

When I add a user to the users table, I also generate a encrypted version
of their password using the following statement:

   // Crypt the password
   $crypt_num = crypt($student_num, $salt);  
   // Crypt the password
   $crypt_pw = crypt($password, $salt);

Then, when the user tries to log on later, they enter their password, and
it gets encrypted in exactly the same way. The encrypted version of the PW
is then compared to the encrypted version stored in a passwords table --
if they match, then the script validates the user and prints out the
user's assignment scores.

However, I've noticed that if anything past the 8th character in the
password is irrelevant. So, if the password was "12345678910", and the
user entered "12345678", the user would be able to enter. In other words,
the encrypted version of "12345678910" would be the same as the encrypted
version of "12345678".

I think there must be something with my crypt statement -- any advice?


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to