I'm using the following for a simple password-protected system:
Code:
$password=crypt($userpassword); //let the salt be automatically generated
Code:
if (crypt($enteredpassword,$password)==$password) {
    echo "password verified!";
} else {
    echo "password rejected!";
}
Here's the deal. I've got it in use and it works. To test things out, I entered a completely incorrect password. Rejected. I entered in the correct password but left off the last letter. Rejected. I entered the correct password but added an extra letter. Rejected. Everything is fine except for one single password that won't behave. If the password is "margaret" (without the quotes), I get the verified message even when I add extra letters to the end. Add one, add many, it always matches.
What's up with this behavior? Can anyone shed some light on this curiosity?
Thanks in advance.
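
The symptom in the post above is consistent with traditional DES-based crypt(), which uses only the first eight characters of the password ("margaret" is exactly eight characters long). The PHP below is an added example, not part of the original post: it reproduces that truncation and compares it with password_hash()/password_verify(). It assumes the poster's auto-generated salt selected the DES scheme (the post does not show the stored hash); the salt 'ab', the candidate strings and the helper looks_like_des_crypt() are constructed for illustration.

```php
<?php
// Added example (not from the original post). The salt 'ab', the candidate
// strings and looks_like_des_crypt() are constructed for illustration.

// A two-character salt selects traditional DES crypt (CRYPT_STD_DES),
// which reads only the first 8 characters of the password.
$desHash = crypt('margaret', 'ab');

// password_hash() chooses a modern algorithm and a random salt itself.
$modernHash = password_hash('margaret', PASSWORD_DEFAULT);

// Traditional DES crypt output is exactly 13 characters from [./0-9A-Za-z]
// and has no leading '$' scheme marker.
function looks_like_des_crypt(string $hash): bool
{
    return preg_match('#^[./0-9A-Za-z]{13}$#', $hash) === 1;
}

$candidates = ['margaret', 'margaretX', 'margaret-and-more', 'margare', 'Margaret'];

foreach ($candidates as $entered) {
    // Same check as in the post, using a constant-time comparison.
    $des = hash_equals($desHash, crypt($entered, $desHash));
    $modern = password_verify($entered, $modernHash);
    printf(
        "%-18s DES crypt: %-9s password_verify: %s\n",
        $entered,
        $des ? 'verified' : 'rejected',
        $modern ? 'verified' : 'rejected'
    );
}

// Audit check for stored hashes: anything matching the DES shape should be
// re-hashed with password_hash() the next time the user logs in.
printf("DES-style stored hash:    %s\n", looks_like_des_crypt($desHash) ? 'yes' : 'no');
printf("DES-style password_hash:  %s\n", looks_like_des_crypt($modernHash) ? 'yes' : 'no');
```

With the DES hash, every candidate that begins with the eight characters "margaret" verifies, while password_verify() accepts only the exact password. PASSWORD_DEFAULT currently maps to bcrypt, which has its own input limit of 72 bytes.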