|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38152 major problem with crypt()
Submitted: 2006-07-19 21:25 UTC Modified: 2006-07-19 22:29 UTC
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:3 (100.0%)
From: businessman332211 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 4.4.2 OS: linux server
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: businessman332211 at hotmail dot com
New email:
PHP Version: OS:


 [2006-07-19 21:25 UTC] businessman332211 at hotmail dot com
I use crypt, I use the first 2 letters of the username and create a encryption, like below under encryption then database $password into the database
Now I come to where I am testing to see if it matches someone goes to login in, they enter username, and password, I take there username, user it as salt to encrypt there password in the same way, I take there username, and there password and run it against the db for a match, if it matches it returns true and pulls the result.
If it doesn't it returns false
supposedly, if it's just 1 character off then it doesn't work.
I used 951103902 for instance
if I add an extra letter at the end, or change one before it, it still returns true, I tried it with random words too, this isn't suppose to happen.

Reproduce code:
$salt = substr($username, 0, 2);
$password = crypt($password, $salt);
$salt = substr($username, 0, 2);
$enteredpass = crypt($enteredpass, $salt);
if ($enteredpass === $password){
echo "The passwords match";
}else {
echo "The password is incorrect";

Expected result:
I expect it to encrypt the password using crypt with the first 2 letters of whatever username.
which it does
then when I go to retrieve it with the persons entered information, if they typed the same password and username earlier, I expect it to get a match on the password, but it doesn't

Actual result:
it doesn't match all the time, it does if it's right, if it's way off it returns false, which is good, but if it's close to a match but a little off it returns true


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-19 22:29 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Jun 01 08:01:30 2020 UTC