Reputation: 3198
I am trying to encrypt the given password to match one that is in a database. However using crypt()
gives me a different result each time so it never matches. How can i make this work.
here is the statement that hashes the password given by the user.
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = crypt($_POST['password']);
prior to this i manually made a user that had the crypt('password')
but if I enter 'password' into the field it doesn not match.
Upvotes: 0
Views: 177
Reputation: 26451
Try like this,
//$pass_entered_from_login is the user entered password
//$crypted_pass is the encrypted password from the
//database or file
if(crypt($pass_entered_from_login,$crypted_pass)) == $crypted_pass)
{
echo("Welcome to my web site.")
}
Upvotes: 2
Reputation: 8379
crypt auto generates the salt each time you use it ............ so use the same salt for the user do this while registering the user to your database and while checking tooo.
if (empty($_POST) === false) {
$username = $_POST['username'];
$password = crypt($_POST['password'],$_POST['username']);
}
NOTE: the 2nd parameter is the salt in crypt function .
hope it helps :)
Upvotes: -2
Reputation: 160933
Try below:
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
// get the hashed password from database
$hashed_password = get_from_db($username);
if (crypt($password, $hashed_password) == $hashed_password) {
echo "Password verified!";
}
}
Upvotes: 4