ID: 49954 User updated by: rgr at woodwing dot com Reported By: rgr at woodwing dot com -Status: Feedback +Status: Closed Bug Type: *Encryption and hash functions Operating System: win32 only - Win XP 64-bit PHP Version: 5.3.0 Assigned To: pajoye New Comment:
Hello Pajoye, thank you for your response. I have tried the 5.3.2-dev build from snapshot and this issue is indeed fixed there. Good to know this is fixed in a later version. Previous Comments: ------------------------------------------------------------------------ [2009-11-02 20:47:57] paj...@php.net May be related to #50052. Please try a SVN snapshot. ------------------------------------------------------------------------ [2009-10-31 16:53:13] paj...@php.net I can't reproduce it here. Can you try using a php 5.3 VC9 snapshot please? http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2009-10-30 12:47:59] carlodeboer at me dot com We are also experiencing problems with this bug. Especially during testing and pilot studies it is quite common to have short passwords. Upgrading to PHP 5.3 is not possible with this bug since we have to support existing installations with short passwords. ------------------------------------------------------------------------ [2009-10-27 13:44:50] vdklah at hotmail dot com This problem is pretty bad; After PHP 5.2->5.3 migration, users having short passwords are no longer allowed to login (to our system) due to the crypt mismatch! And, even worse, they are not allowed to change their password due to the very same problem! ------------------------------------------------------------------------ [2009-10-22 11:51:05] rgr at woodwing dot com Description: ------------ The function Crypt() does not work with less than 4 characters in PHP 5.3.0. See the code sample below. When using 'test' as $user_input and $password it does work correct. Reproduce code: --------------- --- >From manual page: function.crypt#Examples --- $user_input = 'tes'; $password = crypt('tes'); // let the salt be automatically generated if (crypt($user_input, $password) == $password) { echo "Password verified!"; } Expected result: ---------------- The comparison should result true. Actual result: -------------- The comparison returns false. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49954&edit=1