crypt error

[sungpeng]

Why is it always unsuccessful?

 

<?php
$password = CRYPT('mypassword'); 


if (CRYPT($user_input, $password) == $password) {
   echo "Password verified!";
}else{echo "unsuccessful";}
?>

 

 

[phporcaffeine]

When using crypt, you should always use a salt. Using crypt() without a salt can produce varying and inconsistent results. Also, while function but as a matter of practice, you should reference baked-in constructs in lowercase form ( crypt() Vs. CRYPT() ), unless otherwise noted by the PHP manual.

 

Try this:

<?php
$salt = "asdfghjkl";
$password = crypt('mypassword', $salt); 

if (crypt($user_input, $salt) == $password) {
     echo "Password verified!";
}
else {
     echo "unsuccessful";
}
?>

 

BTW: While fine for learning, I would not consider the above as a login method for a production system. There are better, more secure ways of doing authentication.

[sungpeng]

<?php
$salt = "asdfghjkl";
$password = CRYPT('mypassword', $salt); 

if (CRYPT($user_input, $salt) == $password) {
     echo "Password verified!";
}
else {
     echo "unsuccessful";
}
?>

 

Still unsuccessful?

[MasterACE14]

does $user_input also contain 'mypassword' ?

[phporcaffeine]

This works just fine:

 

<?php

$salt = "asdfghjkl";
$user_input = 'mypassword';
$password = crypt('mypassword', $salt); 

if (crypt($user_input, $salt) == $password) {
     echo "Password verified!";
}
else {
     echo "unsuccessful";
}

?>

 

Notice that I specifically set $user_input. So if it didn't work for you, it would indicate that you're not setting the $user_input variable.

[sungpeng]

Thank phporcaffeine