Re: How to compare crypted password with stored in MySQL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eduardo Bejar wrote:
Hi,
I have a MySQL database with encrypted passwords, that were created with:

$input_password = $_POST["password"];
$salt = "ab"; /// Salt is always two character string and the same for all
$password_to_save = crypt($input_password, $salt);

and then saved in MySQL with: insert into password_table set
passwd='$password_to_save'; (other columns are inserted also, but passwd is
the one related to this question).


Now, to check if a password is valid, I set $salt as the first two
characters of the stored encrypted password, and with this salt I crypt and
compare both:

$salt = substr ($password_stored_in_mysql, 0,2);
$password_to_check = crypt($input_password, $salt);

if ($password_to_check == $password_stored_in_mysql) echo "Password is the
same";


This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
password match, as $password_to_check is different from the one stored in
the database.

In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is
"abFcR2QZ/2fUU".


What could be causing this? How should I compare the passwords?
Thank you,

Edo

Instead of using PHP, use MySQL MD5 to encrypt the string. You could do the encryption on the insert and then when you want to check the password, use the MD5 on the select statement. I have done it both ways, and I perfer to use MySQL to do it.

My $.02 worth

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux