Andrej Dragicevic writes:

> Here is a sample.
> $pwd = "\$1\$LObTh\$LcOWUS4U6glAr2vB4oycr0"; // this is the vpopmail
> password
> $decrypted = "test";
> <?php
> if ( crypt($decrypted, "\$1\$LObTh\$") ==  $pwd) 
>       echo "success!";
> else
>       echo "failure!";
> ?>

That approach works but relies upon you figuring out where the salt
ends and passing it to crypt.  The more popular flavours of Unix these 
days have at least two different ways of crypting the passwords: the
old-style DES-based and the new-style variant-MD5-based.  They have
different lengths of salt for the different methods.

An easier way to do it is to use the crypted password itself as
the salt, because a crypt that can handle both styles is usually
smart enough to accept the crypted password as salt and separate the
salt out itself.  So you'll probably find that

    if (crypt($decrypted, $pwd) == $pwd)

does what you want.  Well, I'm assuming that in PHP "==" is a string
comparison operator as well as a numeric comparison operator (in perl
the string comparison operator is "eq" and your "==" comparison would
almost always be true even with the wrong password because strings which 
don't look like numbers are treated as 0 in perl).

Paul Allen
Softflare Support

Reply via email to