Re: [PHP-DB] crypt help

2003-02-13 Thread Len Sorensen
On Wed, Feb 12, 2003 at 03:33:22PM -0500, Zach Davis wrote:
> I have a question about the way I'm using the crypt function in a PHP/SQL
> gradebook I'm building.
>
> When I add a user to the users table, I also generate an encrypted version
> of their password using the following statement:
>
>    // Crypt the student number
>    $crypt_num = crypt($student_num, $salt);
>    // Crypt the password
>    $crypt_pw = crypt($password, $salt);
>
> Then, when the user tries to log on later, they enter their password, and
> it gets encrypted in exactly the same way. The encrypted version of the PW
> is then compared to the encrypted version stored in a passwords table --
> if they match, then the script validates the user and prints out the
> user's assignment scores.
>
> However, I've noticed that anything past the 8th character in the
> password is irrelevant. So, if the password was 12345678910, and the
> user entered 12345678, the user would be able to enter. In other words,
> the encrypted version of 12345678910 would be the same as the encrypted
> version of 12345678.
>
> I think there must be something with my crypt statement -- any advice?

If you want more than 8 characters, use MD5 or some such.  Unix crypt as
used for passwords doesn't do more than 8 characters.  MD5 passwords can
do much more.

Len Sorensen

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
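
Added example, not part of the original thread: a PHP 7.1+ script that finds, for each hashing scheme, the shortest prefix of the thread's password that still verifies, so the 8-character truncation of traditional DES crypt can be seen next to MD5 crypt. It goes beyond the reply by also covering password_hash()/password_verify(), PHP's current password API; the salts 'ab' and '$1$abcdefgh$' and the helper shortest_accepted_prefix() are constructed for illustration.

```php
<?php
// Added example; salts and the helper name are constructed for illustration.

// Return the length of the shortest prefix of $password that still verifies
// against $stored. A result smaller than strlen($password) means the scheme
// silently ignores the tail of the password.
function shortest_accepted_prefix(string $password, string $stored, callable $verify): int
{
    for ($n = 1; $n <= strlen($password); $n++) {
        if ($verify(substr($password, 0, $n), $stored)) {
            return $n;
        }
    }
    return -1; // not even the full password verifies: $stored is not its hash
}

// crypt()-style verification: the stored hash carries the algorithm marker and
// salt, so it is passed back as the salt argument. hash_equals() compares in
// constant time.
$cryptVerify = function (string $candidate, string $stored): bool {
    return hash_equals($stored, crypt($candidate, $stored));
};

$password = '12345678910'; // the password used in the thread

$schemes = [
    // A two-character salt selects traditional DES crypt.
    'DES crypt'     => [crypt($password, 'ab'), $cryptVerify],
    // A "$1$" prefix plus up to 8 salt characters selects MD5 crypt.
    'MD5 crypt'     => [crypt($password, '$1$abcdefgh$'), $cryptVerify],
    // PHP 5.5+ API; generates its own salt. With bcrypt, bytes past the
    // 72nd are ignored, far beyond the 11 characters tested here.
    'password_hash' => [password_hash($password, PASSWORD_DEFAULT), 'password_verify'],
];

foreach ($schemes as $name => [$stored, $verify]) {
    $n = shortest_accepted_prefix($password, $stored, $verify);
    printf("%-14s shortest accepted prefix: %d of %d characters\n",
        $name, $n, strlen($password));
}
```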




[PHP-DB] crypt help

2003-02-12 Thread Zach Davis
I have a question about the way I'm using the crypt function in a PHP/SQL
gradebook I'm building.

When I add a user to the users table, I also generate an encrypted version
of their password using the following statement:

   // Crypt the student number
   $crypt_num = crypt($student_num, $salt);
   // Crypt the password
   $crypt_pw = crypt($password, $salt);

Then, when the user tries to log on later, they enter their password, and
it gets encrypted in exactly the same way. The encrypted version of the PW
is then compared to the encrypted version stored in a passwords table --
if they match, then the script validates the user and prints out the
user's assignment scores.

However, I've noticed that anything past the 8th character in the
password is irrelevant. So, if the password was 12345678910, and the
user entered 12345678, the user would be able to enter. In other words,
the encrypted version of 12345678910 would be the same as the encrypted
version of 12345678.

I think there must be something with my crypt statement -- any advice?

Best,
Zach





Re: [PHP-DB] crypt help

2003-02-12 Thread Jason Wong
On Thursday 13 February 2003 04:33, Zach Davis wrote:

> However, I've noticed that if anything past the 8th character in the
> password is irrelevant.

That is clearly explained in the manual.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
Welcome to Utah.
If you think our liquor laws are funny, you should see our underwear!
*/

