|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-07-19 22:29 UTC] sniper@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 06:01:28 2024 UTC |
Description: ------------ I use crypt, I use the first 2 letters of the username and create a encryption, like below under encryption then database $password into the database perfect. Now I come to where I am testing to see if it matches someone goes to login in, they enter username, and password, I take there username, user it as salt to encrypt there password in the same way, I take there username, and there password and run it against the db for a match, if it matches it returns true and pulls the result. If it doesn't it returns false supposedly, if it's just 1 character off then it doesn't work. I used 951103902 for instance if I add an extra letter at the end, or change one before it, it still returns true, I tried it with random words too, this isn't suppose to happen. Reproduce code: --------------- //encrypt $salt = substr($username, 0, 2); $password = crypt($password, $salt); //decrypt $salt = substr($username, 0, 2); $enteredpass = crypt($enteredpass, $salt); if ($enteredpass === $password){ echo "The passwords match"; }else { echo "The password is incorrect"; } Expected result: ---------------- I expect it to encrypt the password using crypt with the first 2 letters of whatever username. which it does then when I go to retrieve it with the persons entered information, if they typed the same password and username earlier, I expect it to get a match on the password, but it doesn't Actual result: -------------- it doesn't match all the time, it does if it's right, if it's way off it returns false, which is good, but if it's close to a match but a little off it returns true