I have a registration form to register users and the password is crypted as:
$password=crypt($_POST['password']);
I then store this straight into the database without doing anything else.
However, in the login form, when I try to compare the submitted password with the encrypted password stored in the database as follows,
$error = array();
$password = "";
$name = "";
if (empty($_POST['name']))
{
    //if the email supplied is empty
    $error[] = 'You forgot to enter your username';
}
else
{
    $name = $_POST['name'];
}
if (empty($_POST['password']))
{
    $error[] = 'Please Enter Your Password ';
}
else
{
    $password = crypt($_POST['password']);
}
if (empty($error))
{
    $query = "SELECT * FROM mytable WHERE (name='$name' AND pass='$password') AND Activation IS NULL";
    $result = mysql_query($query);
    if (!$result) {}
    else
    {
        $numRow = mysql_num_rows($result);
        if ($numRow != 0)
        {
        }
        else
        {
            echo "Incorrect password or unactivated account";
        }
    }
}
I have got the error message.
Show the example of the encrypted password. The problem might arise from
If no salt is provided, PHP will auto-generate either a standard two character (DES) salt, or a twelve character (MD5), depending on the availability of MD5 crypt().
You have to provide the ‘salt’ in order to encrypt plain password and to get the same string as you had once before, which you stored in the DB.
If your password is encrypted by DES the ‘salt’ is the first two letters of your encrypted password. If it is encrypted by MD5 (first 3 symbols of the encrypted password will be $1$) then the ‘salt’ is everything by the last $ symbol.
Use http://www.php.net/md5 for direct hashing of the password by MD5 algorithm. Result will not have $1$ at the beginning of the string and will not depend on any ‘salt’. But typical suggestion is to add something to the plain password (append/prepend some fixed string) or invert it (change the order of the letters in the plain password). MD5 hashes for the standard non-modified words used as passwords can be found in so called rainbow tables.
Examples generated by function crypt:
Standard DES: rl.3StKT.4T8M <- ‘salt’ is rl
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0 <- ‘salt’ is $1$rasmusle$
Example of the code:
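
The check the answer describes (reusing the stored hash as the salt), written out as an added example that is not part of the original question or answer. It goes a step further and shows `password_hash()`/`password_verify()` for new registrations. The `$users` array, the user names and the `verify_crypt()`/`login()` helpers are assumptions made for illustration; the array stands in for rows fetched from the database by name.

```php
<?php
// Added example. Constructed user store standing in for the database rows;
// the two hashes are the crypt() examples quoted above, which the PHP manual
// generates from the password 'rasmuslerdorf'.
$users = [
    'des_user' => 'rl.3StKT.4T8M',
    'md5_user' => '$1$rasmusle$rISCgZzpwk3UhDidwXvin0',
];

// crypt() reads algorithm and salt from the start of its second argument, so
// passing the stored hash reproduces that hash when the password is correct.
function verify_crypt(string $password, string $storedHash): bool
{
    $candidate = crypt($password, $storedHash);
    // On failure crypt() returns a short token such as "*0"; never accept it.
    return strlen($candidate) >= 13 && hash_equals($storedHash, $candidate);
}

// Look the row up by name only, then compare hashes in PHP. A hash computed
// with a newly generated salt can never match the stored one in a WHERE clause.
function login(array $users, string $name, string $password): bool
{
    return isset($users[$name]) && verify_crypt($password, $users[$name]);
}

var_dump(login($users, 'des_user', 'rasmuslerdorf'));
var_dump(login($users, 'md5_user', 'rasmuslerdorf'));
var_dump(login($users, 'md5_user', 'wrong-password'));

// For new registrations, password_hash() picks a strong algorithm and a random
// salt, so two calls on the same password give different strings.
$new = password_hash('rasmuslerdorf', PASSWORD_DEFAULT);
var_dump($new === password_hash('rasmuslerdorf', PASSWORD_DEFAULT));

// password_verify() extracts the salt from the hash itself and also accepts
// the legacy crypt() hashes above.
var_dump(password_verify('rasmuslerdorf', $new));
var_dump(password_verify('rasmuslerdorf', $users['md5_user']));

// Upgrade a legacy hash after a successful login.
if (password_needs_rehash($users['md5_user'], PASSWORD_DEFAULT)) {
    $users['md5_user'] = password_hash('rasmuslerdorf', PASSWORD_DEFAULT);
}
```

With a real database, fetch the stored hash through a prepared statement keyed on the user name instead of interpolating `$_POST` values into the SQL string.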