On 19-Jun-2003 Huzz wrote:
> I have this bit of code to crypt user password in user registration as
> shown
> below.
>
> $cryptpass=crypt($makepass);
> which generated crypted password like eg 37Q9fppLHc4fQ with php 4.0
>
> And am using the codes below to check for valid login..
> // $pass - from login page
> // $dbpass - from the database
> $pass=crypt($pass,substr($dbpass,0,2));
> }
> if (strcmp($dbpass,$pass)) {
> return(0);
> }
>
>
> Recently i have moved the same file to a new server with php 4.3.1 the
> problem is the same piece of codes above generates completely differen
> crypted value eg.$1$RjZHv7qx$h/L9ZUNT48rilHB6fGoMP/ .. hence the login
> codes above does not work... :(
>
The '$1$' means it's a md5 password.
Don't chop-up the encryped passwd.
Use the whole string for the seed and let crypt() handle it:
$epass=crypt($pass, $dbpass);
if (strcmp($dbpass,$epass)) {
...
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
(53kr33t w0rdz: sql table query)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
