| charlie28u798r at web dot de 2006-09-28, 6:57 pm |
| From: charlie28u798r at web dot de
Operating system:
PHP version: Irrelevant
PHP Bug Type: Documentation problem
Bug description: Wrong example 1 -> Hash values of Password
Description:
------------
There are 2 examples given in the documentation of crypt(), which cant
work the way their shown.
Example 2 will, as read in the documentation, give a different hash values
each time its called. But it looks like its supposed to give the same hash
for same passwords so a user given password can be compared with the one
saved in a databank (or the on in htpasswd).
<?php
// Set the password
$password = 'mypassword';
// Get the hash, letting the salt be automatically generated
$hash = crypt($password);
?>
Reproduce code:
---------------
On the other hand example 1 is not clear. This wont work either, unless
$user_input is given and it won't really state what it should do. From the
code i would state it should be used to compare passwords, but like i said
its not clear.
<?php
$password = crypt('mypassword'); // let the salt be automatically
generated
/* You should pass the entire results of crypt() as the salt for comparing
a
password, to avoid problems when different hashing algorithms are used.
(As
it says above, standard DES-based password hashing uses a 2-character
salt,
but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
else echo "Wrong Password";
?>
Expected result:
----------------
Password verified
Actual result:
--------------
Wrong Password
--
Edit bug report at http://bugs.php.net/?id=38986&edit=1
--
Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=38986&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=38986&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=38986&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=38986&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=38986&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=38986&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=38986&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=38986&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=38986&r=support
Expected behavior: http://bugs.php.net/fix.php?id=38986&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=38986&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=38986&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=38986&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=38986&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=38986&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=38986&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=38986&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=38986&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=38986&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=38986&r=mysqlcfg
|