On Thu, July 7, 2005 2:50 am, Javier said: > On 05/07/2005 at 14:04 sylikc wrote: >> >>For MD5 passwords though, it's a little different and not documented >>as thoroughly... >>3) Extract crypt salt from the $crypthash .... >>$cryptsalt = '$'.substr($crypthash,4,11); > > Thanks for your help. > > I checked my PHP support CRYPT_MD5, then I did the following: > > I've generated a user javier with password javier in my htpasswd file and > got this: > > Automatically using MD5 format. > javier:$apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1 > > Then I did the following code: > > --------------------- > <?php > > print "password: ".$password = "javier"."\n"; > > $crypthash = '$apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1'; > $cryptsalt = '$'.substr($crypthash,4,11); > > print "cryptsalt: ".$cryptsalt."\n"; > print "crypthash: ".$crypthash."\n"; > > print "crypted by me: ".'$apr'.crypt($password, $cryptsalt)."\n"; > > ?> > ---------------------- > > And the output was: > > password: javier > cryptsalt: $1$nO/.....$ > crypthash: $apr1$nO/.....$x0j4FfqCIQqgtqPckVUkO1 > crypted by me: $apr$1$nO/.....$0cKBXpoO.Q/jpA6sUUafq0 Aha! Since your output has an extra '$' after the $apr and before the 1$n0/..... I'm gonna go out on a limb and suggest you probably shouldn't add the '$' to the front of your salt. You're adding it, and crypt() is adding it, and you've got too much money in your salt. :-) Change step 3 to: $cryptsalt = substr($crypthash,4,11); Basically, do whatever it takes to get the front half of the crypted outputs to match up, and I suspect that the random parts at the end will magically sort themselves out. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
