Re: [PHP-DB] How to compare crypted password with stored in MySQL
Eduardo Bejar wrote: Hi, I have a MySQL database with encrypted passwords, that were created with: $input_password = $_POST["password"]; $salt = "ab"; /// Salt is always two character string and the same for all $password_to_save = crypt($input_password, $salt); and then saved in MySQL with: insert into password_table set passwd='$password_to_save'; (other columns are inserted also, but passwd is the one related to this question). Now, to check if a password is valid, I set $salt as the first two characters of the stored encrypted password, and with this salt I crypt and compare both: $salt = substr ($password_stored_in_mysql, 0,2); $password_to_check = crypt($input_password, $salt); if ($password_to_check == $password_stored_in_mysql) echo "Password is the same"; This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no password match, as $password_to_check is different from the one stored in the database. In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is "abFcR2QZ/2fUU". What could be causing this? How should I compare the passwords? Thank you, Edo Instead of using PHP, use MySQL MD5 to encrypt the string. You could do the encryption on the insert and then when you want to check the password, use the MD5 on the select statement. I have done it both ways, and I perfer to use MySQL to do it. My $.02 worth -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to compare crypted password with stored in MySQL
On Wed, 1 Feb 2006, Eduardo Bejar wrote: Hi, I have a MySQL database with encrypted passwords, that were created with: $input_password = $_POST["password"]; $salt = "ab"; /// Salt is always two character string and the same for all $password_to_save = crypt($input_password, $salt); [snip] This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no password match, as $password_to_check is different from the one stored in the database. In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is "abFcR2QZ/2fUU". What could be causing this? How should I compare the passwords? http://us2.php.net/crypt seems to say that crypt varies b/n operating systems. Or perhaps it's just using a different encryption algorithm. Check the above url for details... -philip -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] How to compare crypted password with stored in MySQL
Hi, I have a MySQL database with encrypted passwords, that were created with: $input_password = $_POST["password"]; $salt = "ab"; /// Salt is always two character string and the same for all $password_to_save = crypt($input_password, $salt); and then saved in MySQL with: insert into password_table set passwd='$password_to_save'; (other columns are inserted also, but passwd is the one related to this question). Now, to check if a password is valid, I set $salt as the first two characters of the stored encrypted password, and with this salt I crypt and compare both: $salt = substr ($password_stored_in_mysql, 0,2); $password_to_check = crypt($input_password, $salt); if ($password_to_check == $password_stored_in_mysql) echo "Password is the same"; This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no password match, as $password_to_check is different from the one stored in the database. In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is "abFcR2QZ/2fUU". What could be causing this? How should I compare the passwords? Thank you, Edo -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php