On Wed, Feb 12, 2003 at 03:33:22PM -0500, Zach Davis wrote:
> I have a question about the way I'm using the crypt function in a PHP/SQL
> gradebook I'm building.
> When I add a user to the users table, I also generate an encrypted version
> of their password using the following statement:
>    // Crypt the student number
>    $crypt_num = crypt($student_num, $salt);
>    // Crypt the password
>    $crypt_pw = crypt($password, $salt);
> Then, when the user tries to log on later, they enter their password, and
> it gets encrypted in exactly the same way. The encrypted version of the PW
> is then compared to the encrypted version stored in a passwords table --
> if they match, then the script validates the user and prints out the
> user's assignment scores.
> However, I've noticed that anything past the 8th character in the
> password is irrelevant. So, if the password was "12345678910", and the
> user entered "12345678", the user would be able to enter. In other words,
> the encrypted version of "12345678910" would be the same as the encrypted
> version of "12345678".
> I think there must be something with my crypt statement -- any advice?

If you want more than 8 characters, use MD5 or some such.  Unix crypt as
used for passwords doesn't do more than 8 characters.  MD5 passwords can
do much more.

Len Sorensen
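
The truncation discussed in this thread, shown as an added example that is not part of the original messages: PHP's crypt() picks its algorithm from the format of the salt, so a two-character salt gives traditional DES crypt (first 8 characters only) and a salt starting with `$1$` gives MD5 crypt. The helper names `check_login` and `report`, the salts and the passwords are constructed for illustration.

```php
<?php
// Added example; every salt and password here is a constructed sample value.

// Verify a login attempt against a stored crypt() hash.
// The stored hash begins with its own salt and algorithm marker, so it is
// passed back as the salt argument; hash_equals() compares in constant time.
function check_login(string $attempt, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($attempt, $storedHash));
}

// Print one labelled result line per attempt.
function report(string $label, string $storedHash, array $attempts): void
{
    echo $label, " (stored: ", $storedHash, ")\n";
    foreach ($attempts as $attempt) {
        $ok = check_login($attempt, $storedHash) ? 'accepted' : 'rejected';
        printf("  %-14s %s\n", $attempt, $ok);
    }
}

$password = '12345678910';
$attempts = [
    '12345678910',   // the real password
    '12345678',      // only its first 8 characters
    '12345678XYZ',   // same first 8 characters, different tail
    '1234567',       // shorter than 8 characters
];

// Two-character salt: traditional DES crypt. Only the first 8 characters
// of the password go into the key, so anything sharing those 8 characters
// produces the same hash as the real password.
$desHash = crypt($password, 'ab');
report('DES crypt', $desHash, $attempts);

// Salt of the form $1$<up to 8 chars>$: MD5 crypt. The whole password
// is hashed, so a change past the 8th character changes the result.
$md5Hash = crypt($password, '$1$samplesl$');
report('MD5 crypt', $md5Hash, $attempts);
```

On PHP 5.5 and later, password_hash() and password_verify() generate the salt and select the algorithm themselves, so no salt string has to be built by hand. Their default bcrypt algorithm has its own length limit of 72 bytes.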
