On Fri, Jun 4, 2010 at 16:50, Petko Yotov <5...@5ko.fr> wrote:
> On Friday 04 June 2010 14:23:28, Peter Bowers wrote :
>> I am having difficulty with some authorization code on a WAMP server
>> and wondering if anybody can shed light...
>>
>> Here's what I've got in my config.php right now (minus comments):
>>
>> $hash0 = crypt('abc'); // as (:encrypt abc:) would output
>
> Hello. I discovered that PHP 5.3 builds for Windows have buggy crypt()
> function, notably, passwords needed to be at least 4 characters. See
> http://www.pmwiki.org/wiki/PITS/01141
>
> If you use a longer password, does it work correctly?
That's quite better (same code with a 6c. passwd):
D:\WebOnKey\phpbatch>phpbatch.cmd crypt_test.php
local config: 5.3.2
CRYPT_SALT_LENGTH: 123
hash0=$1$EV0.7d1.$gQfhWrt340ZnU7JUa72o7. (initial hash)
salt0=$1$EV0.7d1.$gQfhWrt340ZnU7JUa72o7. (salt as specified)
salt1=$1$EV0.7d1.$ (salt extracted)
hash1=$1$EV0.7d1.$gQfhWrt340ZnU7JUa72o7. (full hash)
hash2=$1$EV0.7d1.$gQfhWrt340ZnU7JUa72o7. (salt as specified)
hash3=$1$EV0.7d1.$gQfhWrt340ZnU7JUa72o7. (salt extracted)
D:\WebOnKey\phpbatch>phpbatch.cmd crypt_test.php
local config: 5.3.0
CRYPT_SALT_LENGTH: 60
hash0=$1$EM2.7I4.$ITCzP.cuaH4Lrvp.lRgZ.. (initial hash)
salt0=$1$EM2.7I4.$ITCzP.cuaH4Lrvp.lRgZ.. (salt as specified)
salt1=$1$EM2.7I4.$ (salt extracted)
hash1=$1$EM2.7I4.$ITCzP.cuaH4Lrvp.lRgZ.. (full hash)
hash2=$1$EM2.7I4.$ITCzP.cuaH4Lrvp.lRgZ.. (salt as specified)
hash3=$1$EM2.7I4.$ITCzP.cuaH4Lrvp.lRgZ.. (salt extracted)
D:\WebOnKey\phpbatch>
> I am open to ideas on how PmWiki should deal with this, while maintaining
> backward compatibility with existing wiki pages and already encrypted existing
> passwords.
At least, a warning in the auth form ?
--
Dominique
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
