that's what I'm doing, but crypt() will give different results dependant on the size and composition of the salt. So I need to truncate it to the proper length. I tried it both ways, and it didn't work with the whole stored PW.
-Micah On Wednesday 02 June 2004 04:24 pm, Feargal Reilly wrote: > On Wed, 2 Jun 2004 16:02:45 -0700 > > Micah <[EMAIL PROTECTED]> wrote: > > Thanks Paul and Jesse, > > > > I got it.. the php crypt() is the one to use.. in case anyone > > else is hacking in php, here's what I found to work: > > > > $pwtype = the type as recorded in the encryption type field in > > the user table. $user_password = the password as recorded in > > the database.$pw = the supplied pw. > > $pwout = the resulting string to compare to the database value. > > > > > > $pwout = crypt($pw, substr($user_passwd, 0, 2)); > > Out of curiousity, what if you use the stored password as the > salt itself? I would expect crypt() truncates it, saving you the > hassle. > > -fr.
