How to compare crypted password with stored in MySQL

on 01.02.2006 23:20:36 by Eduardo Bejar

Hi,

I have a MySQL database with encrypted passwords, that were created with:

$input_password = $_POST["password"];
$salt = "ab"; /// Salt is always two character string and the same for all
$password_to_save = crypt($input_password, $salt);

and then saved in MySQL with: insert into password_table set
passwd='$password_to_save'; (other columns are inserted also, but passwd is
the one related to this question).


Now, to check if a password is valid, I set $salt as the first two
characters of the stored encrypted password, and with this salt I crypt and
compare both:

$salt = substr ($password_stored_in_mysql, 0,2);
$password_to_check = crypt($input_password, $salt);

if ($password_to_check == $password_stored_in_mysql) echo "Password is the same";


This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
trying this on another PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
password match, as $password_to_check is different from the one stored in
the database.

For example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is
"abFcR2QZ/2fUU".


What could be causing this? How should I compare the passwords?

Thank you,

Edo

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: How to compare crypted password with stored in MySQL

on 01.02.2006 23:35:22 by Philip Hallstrom

On Wed, 1 Feb 2006, Eduardo Bejar wrote:

>
> Hi,
>
> I have a MySQL database with encrypted passwords, that were created with:
>
> $input_password = $_POST["password"];
> $salt = "ab"; /// Salt is always two character string and the same for all
> $password_to_save = crypt($input_password, $salt);
[snip]
>
> This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
> trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
> password match, as $password_to_check is different from the one stored in
> the database.
>
> In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is
> "abFcR2QZ/2fUU".
>
> What could be causing this? How should I compare the passwords?

http://us2.php.net/crypt

seems to say that crypt varies b/n operating systems. Or perhaps it's
just using a different encryption algorithm. Check the above url for
details...

-philip
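
An added example, not part of the thread and not any poster's code: one way to do the comparison in PHP 7.1 or later, passing the whole stored hash to crypt() as the salt so the stored scheme and salt are reused, comparing with hash_equals(), and producing a password_hash() replacement after a successful login. The function names crypt_scheme and check_password and the sample password are assumptions made for this example.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Name the crypt() scheme of a stored hash from its format.
function crypt_scheme(string $stored): string
{
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $stored)) return 'std_des';
    if (preg_match('#^_[./0-9A-Za-z]{19}$#', $stored)) return 'ext_des';
    if (preg_match('#^\$2[axy]\$#', $stored)) return 'blowfish';
    foreach (['$1$' => 'md5', '$5$' => 'sha256', '$6$' => 'sha512'] as $p => $name) {
        if (strncmp($stored, $p, 3) === 0) return $name;
    }
    return 'unknown';
}

// Check a login attempt. Returns [bool $ok, ?string $replacementHash].
function check_password(string $input, string $stored): array
{
    if (crypt_scheme($stored) === 'unknown') {
        return [false, null];          // never compare against a malformed value
    }
    // The stored hash carries its own scheme marker and salt, so crypt()
    // recomputes with the same parameters; hash_equals() is constant-time.
    if (!hash_equals($stored, crypt($input, $stored))) {
        return [false, null];
    }
    // The password is known to be right: if the stored hash is not in the
    // current default format, hand back a fresh hash to write to the passwd column.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($input, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample: a hash made here with the thread's fixed salt "ab".
$stored = crypt('example-pw', 'ab');

[$ok, $new] = check_password('example-pw', $stored);
echo crypt_scheme($stored), ' ', var_export($ok, true), ' ',
     $new !== null ? crypt_scheme($new) : 'no-rehash', "\n";

[$ok, $new] = check_password('wrong-pw', $stored);
echo var_export($ok, true), "\n";
```

Traditional two-character-salt DES crypt() only uses the first eight characters of the password, which is one reason to replace such hashes as users log in.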


Re: How to compare crypted password with stored in MySQL

on 01.02.2006 23:43:49 by mbomgardner

Eduardo Bejar wrote:
> Hi,
>
> I have a MySQL database with encrypted passwords, that were created with:
>
> $input_password = $_POST["password"];
> $salt = "ab"; /// Salt is always two character string and the same for all
> $password_to_save = crypt($input_password, $salt);
>
> and then saved in MySQL with: insert into password_table set
> passwd='$password_to_save'; (other columns are inserted also, but passwd is
> the one related to this question).
>
>
> Now, to check if a password is valid, I set $salt as the first two
> characters of the stored encrypted password, and with this salt I crypt and
> compare both:
>
> $salt = substr ($password_stored_in_mysql, 0,2);
> $password_to_check = crypt($input_password, $salt);
>
> if ($password_to_check == $password_stored_in_mysql) echo "Password is the
> same";
>
>
> This used to work on a PC that runs PHP 4.1.2 and MySQL 3.23.36. But when
> trying this on other PC that runs PHP 4.3.11 and MySQL 3.23.58, I get no
> password match, as $password_to_check is different from the one stored in
> the database.
>
> In example: $password_to_check shows "ab2vG8KakAAGY" and the stored one is
> "abFcR2QZ/2fUU".
>
>
> What could be causing this? How should I compare the passwords?
>
> Thank you,
>
> Edo
>
>
Instead of using PHP, use MySQL MD5 to encrypt the string. You could do
the encryption on the insert and then when you want to check the
password, use the MD5 on the select statement. I have done it both
ways, and I prefer to use MySQL to do it.

My $.02 worth
