        else { // Secure password hash format
            if (crypt($_REQUEST['pass'], $row['pass']) == $row['pass']) {
                $_SESSION['user'] = $row['user'];
                $logged_in = true;
            }
        }
    }
Hi there,
On Lab 9_1, secure password hash login.php - solution,
the following if statement doesn’t seem to make any sense.
Typically crypt(password, salt) will generate a password digest.
Secondly, we store the crypt password in the database with a salt, crypt(password).
So how am I going to compare o.0?
Edit:
Out of curiosity, I have actually tried this from PHP: crypt - Manual,
<?php
$hashed_password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt('mypassword', $hashed_password) == $hashed_password) {
    echo "Password verified!";
}
?>
So I have answered my own question.
Original post by defalcator
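Why the comparison in the post works, as an added example (not part of the original post or the lab solution): the stored value carries the algorithm, cost and salt in its prefix, so passing it back as the second argument of crypt() re-hashes the candidate with the same salt. The sample passwords, the bcrypt cost and the helper names `parse_bcrypt` and `verify_with_crypt` are assumptions made for this illustration.

```php
<?php
// Added illustration; passwords and cost below are constructed sample values.

// Registration: password_hash() picks a random salt and returns one string
// laid out as $2y$<cost>$<22-char salt><31-char digest>.
$stored = password_hash('mypassword', PASSWORD_BCRYPT, ['cost' => 10]);

// Hypothetical helper: split a bcrypt string to show the salt travels inside it.
function parse_bcrypt(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Hypothetical helper: the lab's check, with a constant-time comparison.
function verify_with_crypt(string $candidate, string $stored): bool
{
    // A stored value starting with '*' is crypt()'s failure marker, never a hash.
    if ($stored === '' || $stored[0] === '*') {
        return false;
    }
    // crypt() reads algorithm, cost and salt from the prefix of $stored and
    // ignores the digest that follows, so the same password gives the same string.
    $recomputed = crypt($candidate, $stored);
    // hash_equals() compares without leaking the position of the first mismatch.
    return hash_equals($stored, $recomputed);
}

$parts = parse_bcrypt($stored);
printf("stored : %s\n", $stored);
printf("id=%s cost=%d salt=%s\n", $parts['id'], $parts['cost'], $parts['salt']);

// Re-hashing the right password with the stored value as "salt" reproduces it.
printf("recomputed equals stored: %s\n",
    var_export(crypt('mypassword', $stored) === $stored, true));

printf("correct password : %s\n", var_export(verify_with_crypt('mypassword', $stored), true));
printf("wrong password   : %s\n", var_export(verify_with_crypt('wrongpass', $stored), true));

// password_verify() performs the same recompute-and-compare in one call.
printf("password_verify  : %s\n", var_export(password_verify('mypassword', $stored), true));
```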