Re: [PHP-DB] How to compare crypted password with stored in MySQL

2006-02-01 Thread Philip Hallstrom

On Wed, 1 Feb 2006, Eduardo Bejar wrote:



Hi,

I have a MySQL database with encrypted passwords, that were created with:

$input_password = $_POST['password'];
$salt = 'ab'; /// Salt is always two character string and the same for all
$password_to_save = crypt($input_password, $salt);

[snip]


This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
trying this on another PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
password match, as $password_to_check is different from the one stored in
the database.

For example: $password_to_check shows ab2vG8KakAAGY and the stored one is
abFcR2QZ/2fUU.

What could be causing this? How should I compare the passwords?


http://us2.php.net/crypt

seems to say that crypt varies b/n operating systems.  Or perhaps it's 
just using a different encryption algorithm.  Check the above url for 
details...


-philip

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] How to compare crypted password with stored in MySQL

2006-02-01 Thread Mark Bomgardner

Eduardo Bejar wrote:
Hi, 


I have a MySQL database with encrypted passwords, that were created with:

$input_password = $_POST['password'];
$salt = 'ab'; /// Salt is always two character string and the same for all
$password_to_save = crypt($input_password, $salt);

and then saved in MySQL with: insert into password_table set
passwd='$password_to_save'; (other columns are inserted also, but passwd is
the one related to this question).


Now, to check if a password is valid, I set $salt as the first two
characters of the stored encrypted password, and with this salt I crypt and
compare both:

$salt = substr($password_stored_in_mysql, 0, 2);
$password_to_check = crypt($input_password, $salt);

if ($password_to_check == $password_stored_in_mysql) echo "Password is the same";


This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
trying this on another PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
password match, as $password_to_check is different from the one stored in
the database.

For example: $password_to_check shows ab2vG8KakAAGY and the stored one is
abFcR2QZ/2fUU.


What could be causing this? How should I compare the passwords? 


Thank you,

Edo

  
Instead of using PHP, use MySQL MD5 to encrypt the string.  You could do 
the encryption on the insert and then when you want to check the 
password, use the MD5 on the select statement.  I have done it both 
ways, and I prefer to use MySQL to do it.


My $.02 worth
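
Added example, not part of either reply and not code from the thread: one way to do the comparison the question asks about, passing the whole stored hash to crypt() instead of a hand-cut two-character salt, and going one step further by replacing a legacy hash after a successful login. The function names verify_stored_password and upgraded_hash and the sample password are hypothetical, and the code assumes PHP 7.1 or later rather than the PHP 4 versions in the thread.

```php
<?php
// Added example, not code from the thread. Function names and the sample
// password are constructed for illustration.

// Check a login password against a stored crypt() hash. The whole stored
// hash is passed as the salt argument: crypt() reads the algorithm marker
// and the salt from its prefix, so the caller does not need to know how
// many leading characters are salt for that algorithm.
function verify_stored_password(string $input, string $stored): bool
{
    $computed = crypt($input, $stored);
    // On failure crypt() returns a short marker such as "*0" or "*1".
    if (strlen($computed) < 13) {
        return false;
    }
    return hash_equals($stored, $computed); // timing-safe, type-strict
}

// After a successful check, return a replacement hash if the stored one is
// not in the current default format (a 13-character DES hash is not),
// otherwise null.
function upgraded_hash(string $input, string $stored): ?string
{
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($input, PASSWORD_DEFAULT); // random salt per hash
    }
    return null;
}

// Constructed legacy record, made the way the thread describes. Traditional
// DES crypt() only uses the first 8 characters of the password.
$legacy = crypt('example-password', 'ab');

var_dump(verify_stored_password('example-password', $legacy));
var_dump(verify_stored_password('wrong-password', $legacy));

// Upgrade on login: store $new in place of $legacy once the check passed.
$new = upgraded_hash('example-password', $legacy);
var_dump($new !== null && verify_stored_password('example-password', $new));
```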
