So what happens when I try to authenticate to the db? If I get the crypted
password and do a query such as:
SELECT * FROM table WHERE user = 'user' AND password = 'encryptedpassword'
It would obviously not work since it tries to do an exact match correct?
Get the user record from the database. Call crypt() using the encrypted password as the salt, and the user-provided password as the password. Compare the result of crypt() with the encrypted password from the database to see if it's a match.
-- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
