Now I am successfully able to generate the crypted string. Now I want that generated string to be compared with the user-given input:
<?php
/* This script is used to verify whether the crypt string generated from the generatecryptpassword.php script matches the new crypt string of the user input password.
Ideally the $hash value will come from the db, but we have taken it directly from the generatecryptpassword.php script.
Also note that we need to escape the $ as \$ before comparing. */
$user_input= 'test123';
$hash = '$6$rounds=50000$86f50a6ac3d0839a$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1';
$newhash= str_replace('$','\$',$hash);
echo $newhash . "\n";
/* To verify the hash: */
//$newhash="\$6\$rounds=50000\$86f50a6ac3d0839a\$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1";
echo crypt($user_input, $newhash) . "\n"; //optional
if(crypt($user_input, $newhash) == $newhash)
{
echo "Password is correct!";
}
else
{
echo "Password is invalid";
}
?>
The problem here is that when I manually change '$' to '\$', things work perfectly, but when I do it through the str_replace function, it doesn't work and the final hash gets generated as a new one, as below:
##php ./comparecryptedpassword.php
\$6\$rounds=50000\$86f50a6ac3d0839a\$6oapcEjXqL5FsAS6Uj6LUeUxHhW3dH1/krfFwQYCOzg8qAHlPSu/Cvtq4p5XSzmi8yQ1g9F3/syAEhlVXKbQS1
\$0lXFe./5bns <<-- this should be the original crypted string, but it's some other value
Password is invalid
Any pointers?
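
An added example, not part of the original post: `\$` is only an escape inside a double-quoted PHP source literal, so a hash already held in a variable (or read from the database) is passed to `crypt()` unchanged, and adding backslashes with `str_replace()` alters the salt prefix. The helper name `verify_crypt_password` and the sample hash, which is generated at run time, are assumptions made for this illustration.

```php
<?php
// Added example, not the poster's code. verify_crypt_password() is a hypothetical helper name.

function verify_crypt_password(string $input, string $stored): bool
{
    // crypt() reads the algorithm, rounds and salt from the stored hash itself,
    // so the stored value is passed unchanged as the second argument.
    $candidate = crypt($input, $stored);

    // A very short result is a failure marker ("*0"/"*1"), not a hash.
    if (strlen($candidate) < 13) {
        return false;
    }

    // Constant-time comparison instead of ==.
    return hash_equals($stored, $candidate);
}

// Constructed sample: a SHA-512 crypt hash of 'test123' with a random salt,
// standing in for the value that would normally be read from the database.
$salt   = '$6$rounds=50000$' . bin2hex(random_bytes(8)) . '$';
$stored = crypt('test123', $salt);

// Correct and incorrect passwords checked against the unmodified hash.
var_dump(verify_crypt_password('test123', $stored));
var_dump(verify_crypt_password('wrong-password', $stored));

// The str_replace() step from the post turns the "$6$" prefix into "\$6\$",
// which crypt() does not treat as a SHA-512 salt, so the result can never
// equal the stored value.
$escaped = str_replace('$', '\$', $stored);
var_dump(verify_crypt_password('test123', $escaped));

// password_verify() also accepts crypt()-format hashes and compares in constant time.
var_dump(password_verify('test123', $stored));
```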