On Wed, Feb 12, 2003 at 03:33:22PM -0500, Zach Davis wrote:
> I have a question about the way I'm using the crypt function in a PHP/SQL
> gradebook I'm building.
>
> When I add a user to the users table, I also generate an encrypted version
> of their password using the following statement:
>
> // Crypt the student number
> $crypt_num = crypt($student_num, $salt);
> // Crypt the password
> $crypt_pw = crypt($password, $salt);
>
> Then, when the user tries to log on later, they enter their password, and
> it gets encrypted in exactly the same way. The encrypted version of the PW
> is then compared to the encrypted version stored in a passwords table --
> if they match, then the script validates the user and prints out the
> user's assignment scores.
>
> However, I've noticed that anything past the 8th character in the
> password is irrelevant. So, if the password was "12345678910", and the
> user entered "12345678", the user would be able to enter. In other words,
> the encrypted version of "12345678910" would be the same as the encrypted
> version of "12345678".
>
> I think there must be something with my crypt statement -- any advice?

If you want more than 8 characters, use MD5 or some such. Unix crypt as
used for passwords doesn't do more than 8 characters. MD5 passwords can do
much more.

Len Sorensen

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
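The behaviour discussed in this thread, as an added example that is not part of the original messages: the same login check is run under a traditional DES crypt salt and under an MD5 crypt salt, so the 8-character cutoff can be seen for one and not the other. The salts, the helper names `verifies` and `yn`, and the final `password_hash()` comparison (which goes beyond what the thread covers) are assumptions chosen for illustration.

```php
<?php
// Added example; passwords and salts are constructed sample values.

// Hash $storedPw under $salt, then check $attempt the way a login would.
function verifies(string $storedPw, string $attempt, string $salt): bool
{
    $stored = crypt($storedPw, $salt);
    // Using the stored hash as the salt makes crypt() reuse its scheme and salt.
    return hash_equals($stored, crypt($attempt, $stored));
}

// Render a verification result for the report lines below.
function yn(bool $ok): string
{
    return $ok ? 'accepted' : 'rejected';
}

$full   = '12345678910';   // password set when the user was added
$prefix = '12345678';      // only its first 8 characters

// The salt format selects the scheme crypt() uses.
$schemes = [
    'DES crypt (2-char salt)' => 'ab',
    'MD5 crypt ($1$ salt)'    => '$1$abcdefgh$',
];

foreach ($schemes as $name => $salt) {
    printf(
        "%-24s full: %s, 8-char prefix: %s\n",
        $name,
        yn(verifies($full, $full, $salt)),
        yn(verifies($full, $prefix, $salt))
    );
}

// Beyond the thread: password_hash() chooses the scheme and a random salt itself.
$hash = password_hash($full, PASSWORD_DEFAULT);
printf(
    "%-24s full: %s, 8-char prefix: %s\n",
    'password_hash()',
    yn(password_verify($full, $hash)),
    yn(password_verify($prefix, $hash))
);
```

Under the 2-character salt the 8-character prefix verifies against the hash of the full password; under the other two schemes it does not.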