|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-10-05 11:13 UTC] colder@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu May 23 05:01:31 2024 UTC |
Description: ------------ There are 2 examples given in the documentation of crypt(), which cant work the way their shown. Example 2 will, as read in the documentation, give a different hash values each time its called. But it looks like its supposed to give the same hash for same passwords so a user given password can be compared with the one saved in a databank (or the on in htpasswd). <?php // Set the password $password = 'mypassword'; // Get the hash, letting the salt be automatically generated $hash = crypt($password); ?> Reproduce code: --------------- On the other hand example 1 is not clear. This wont work either, unless $user_input is given and it won't really state what it should do. From the code i would state it should be used to compare passwords, but like i said its not clear. <?php $password = crypt('mypassword'); // let the salt be automatically generated /* You should pass the entire results of crypt() as the salt for comparing a password, to avoid problems when different hashing algorithms are used. (As it says above, standard DES-based password hashing uses a 2-character salt, but MD5-based hashing uses 12.) */ if (crypt($user_input, $password) == $password) { echo "Password verified!"; } else echo "Wrong Password"; ?> Expected result: ---------------- Password verified Actual result: -------------- Wrong Password