$pwrd = crypt(trim($_POST['pword']));
// $pwrd will be stored in the database and $_POST['pword'] is the password from the registration form.
When verifying the password received from a login form with the one in the database:
if (crypt($pwrd, $row['pword']) == $row['pword'])
// Where $pwrd is the password from the login form, $row['pword'] is the crypted password from the database.
What I'm confused about is: how can the encrypted password in the database, created without a salt provided (first code), be the same as the encrypted password created with a salt provided (second code)?
crypt uses a random salt if you don't provide one. So...
crypt($pass1) != crypt($pass1);
but if you wanted...
md5($pass1) == md5($pass1);
Now of course you want your files encrypted instead of just hashed with md5, so what I would suggest is using part of the password as the salt:
crypt($pass1, substr($pass1, 2));
That way it'll be the same every time and only if the password is right will it work. Hope that helps...and I hope I didn't lie to you about anything because I'm not a genius.
The standard DES-based encryption crypt() returns the salt as the first two characters of the output. It also only uses the first eight characters of str, so longer strings that start with the same eight characters will generate the same result (when the same salt is used).
and
If you are using the supplied salt, you should be aware that the salt is generated once. If you are calling this function repeatedly, this may impact both appearance and security.
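A worked example, added here and not taken from any post in the thread, showing why the login check in the question works: crypt() stores the salt as the prefix of the value it returns, so passing that stored value back as the second argument makes crypt() reuse the same salt. The helper names and the choice of the SHA-512 crypt format ("$6$") are my own assumptions; the example needs PHP 7 or later for random_int() and hash_equals().

```php
<?php
// Build a salt in SHA-512 crypt format: "$6$" + 16 salt characters + "$".
// Older formats such as the 2-character DES salt from the manual quote
// embed the salt in the output the same way; only the prefix layout differs.
function makeSalt(): string {
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = '';
    for ($i = 0; $i < 16; $i++) {
        $salt .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return '$6$' . $salt . '$';
}

// Registration: hash with an explicit, fresh random salt for every user,
// instead of relying on crypt() to pick one (newer PHP versions require a salt).
function hashPassword(string $password): string {
    return crypt($password, makeSalt());
}

// Login: hand the stored hash to crypt() as the salt argument. crypt() reads
// only the "$6$<salt>$" prefix from it, recomputes the hash with that salt,
// and the result is compared against the stored value in constant time.
function verifyPassword(string $password, string $stored): bool {
    return hash_equals($stored, crypt($password, $stored));
}

$stored = hashPassword('correct horse');
echo "stored value:  $stored\n";
// The salt is in plain view: everything up to and including the last '$'.
echo "embedded salt: ", substr($stored, 0, strrpos($stored, '$') + 1), "\n";
echo "correct password verifies: ", var_export(verifyPassword('correct horse', $stored), true), "\n";
echo "wrong password verifies:   ", var_export(verifyPassword('wrong horse', $stored), true), "\n";

// Hashing the same password again yields a different stored value because
// the salt is different, yet both values verify the same password.
$again = hashPassword('correct horse');
echo "two hashes identical:      ", var_export($stored === $again, true), "\n";
echo "second hash verifies:      ", var_export(verifyPassword('correct horse', $again), true), "\n";
```

Because the salt travels with the hash, no separate salt column is needed in the database, which is exactly what makes the second snippet in the question work.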