php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38152 major problem with crypt()
Submitted: 2006-07-19 21:25 UTC Modified: 2006-07-19 22:29 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: businessman332211 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 4.4.2 OS: linux server
Private report: No CVE-ID: None
 [2006-07-19 21:25 UTC] businessman332211 at hotmail dot com
Description:
------------
I use crypt, I use the first 2 letters of the username and create a encryption, like below under encryption then database $password into the database
perfect.
Now I come to where I am testing to see if it matches someone goes to login in, they enter username, and password, I take there username, user it as salt to encrypt there password in the same way, I take there username, and there password and run it against the db for a match, if it matches it returns true and pulls the result.
If it doesn't it returns false
supposedly, if it's just 1 character off then it doesn't work.
I used 951103902 for instance
if I add an extra letter at the end, or change one before it, it still returns true, I tried it with random words too, this isn't suppose to happen.

Reproduce code:
---------------
//encrypt
$salt = substr($username, 0, 2);
$password = crypt($password, $salt);
//decrypt
$salt = substr($username, 0, 2);
$enteredpass = crypt($enteredpass, $salt);
if ($enteredpass === $password){
echo "The passwords match";
}else {
echo "The password is incorrect";
}

Expected result:
----------------
I expect it to encrypt the password using crypt with the first 2 letters of whatever username.
which it does
then when I go to retrieve it with the persons entered information, if they typed the same password and username earlier, I expect it to get a match on the password, but it doesn't

Actual result:
--------------
it doesn't match all the time, it does if it's right, if it's way off it returns false, which is good, but if it's close to a match but a little off it returns true

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-19 22:29 UTC] sniper@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Fri Jun 22 17:01:44 2018 UTC