OK, plain crypt is much, much worse than plain MD5. Either use MD5 by itself, use crypt in MD5 mode if your machine supports it, or use my_md5crypt as given above.
To call my_md5crypt as given above:
```php
$password = $_POST["enteredPassword"];
// salt: '$1$' followed by 12 hex characters derived from the current time and process id
$salt = '$1$' . substr(md5(microtime() . getmypid()), 0, 12);
$hashedPassword = my_md5crypt($password, $salt);
// store $hashedPassword in your database
```
To validate a user password:

```php
$username = $_POST["username"];
$password = $_POST["password"];
$storedPassword = getStoredPasswordForUser($username);
// the stored value carries its own salt, so rehashing with it as the salt
// must reproduce the stored value exactly
if (my_md5crypt($password, $storedPassword) === $storedPassword) {
    // success
} else {
    // failure
}
```
A slight correction to my_md5crypt:
```php
function my_md5crypt($pass, $salt)
{
    $salt = substr($salt, 3, 12); // the '$1$' prefix should not be hashed
    $cryptedPass = md5($salt . $pass);
    return '$1$' . $salt . $cryptedPass; // but the '$1$' prefix needs to be passed back
}
```
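The "crypt in MD5 mode" option mentioned above, written out as an added example (not the poster's code): it checks that the build supports CRYPT_MD5, builds a proper md5crypt salt, and verifies by feeding the stored hash back to crypt(). It assumes PHP 7 or later for random_int() and hash_equals(); the function names md5crypt_hash and md5crypt_verify are my own.

```php
<?php
// Added example: PHP's built-in crypt() in MD5 mode ("$1$" hashes).
// Assumes PHP >= 7 (random_int, hash_equals); CRYPT_MD5 is 1 when supported.

function md5crypt_hash(string $password): string
{
    if (CRYPT_MD5 !== 1) {
        throw new RuntimeException('CRYPT_MD5 is not supported on this build');
    }
    // md5crypt salt format: '$1$' + up to 8 chars from [./0-9A-Za-z] + '$'
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[random_int(0, 63)]; // CSPRNG, not microtime()
    }
    return crypt($password, '$1$' . $salt . '$');
}

function md5crypt_verify(string $password, string $stored): bool
{
    // crypt() parses the salt back out of the stored hash, so passing the
    // stored hash as the salt argument reproduces the same hash on success.
    // hash_equals() compares in constant time instead of using == / ===.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed usage: hash at registration, verify at login.
$stored = md5crypt_hash('correct horse');
var_dump(md5crypt_verify('correct horse', $stored));
var_dump(md5crypt_verify('wrong password', $stored));
```

Unlike the single md5() call in my_md5crypt, the "$1$" scheme iterates the hash internally, which is why the post lists crypt in MD5 mode as the option to prefer when the machine supports it.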