| ||
| ||
| If you have a password crypt and are not sure if it's correct, and wish to test it manually, you can do so with php. The way I do it is to type "php" and type in the script via stdinput (keyboard) and press ctrl-d to execute it, but if you're not comfortable, you can add the script to a file and pass the file to php (either via the shell or apache). Assumptions: 1) the password in this example is 2) the salt for this crypt is (MD5) I'll show the example in 2 steps, to show you first how the crypt is made, then how it's checked (they're essentially the same, with slight differences). The bold text is the output generated by the script. To generate a crypt for the password using the salt: <?php To verify if the password you're using is correct for this crypt, we repeat the similar code, passing the entire crypt (which gives the crypt() function the salt we're looking for, since the salt is part of the crypt, if you'll notice. If the output of the crypt() funciton matches the stored crypt, then the password is correct. If it does not match, you've got a wrong password. <?php ***NOTE*** it's very important to use single 'quotes' and *not* double "quotes" with the salt in the crypt() function. This is because in php, with double "quotes", the salt would be treated as empty variables.. since $xx is a variable in php. So with single 'quotes', the salt is treated exactly as you type it. With double "quotes", the salt is treated as 3 variables: $1, $asdf1234, and $whateverelse, which would basically give you an empty salt since chances are these are not filled with anything. | ||
| Related Helpfiles | ||
| My system is saving passwords in SHA-512 and DirectAdmin can't read them. I need MD5 | ||
| Creating a MD5 crypt from the command line |
© 2003 JBMC Software, Suite 173 3-11 Bellerose Drive, St Albert, AB T8N 1P7 Canada. Mon-Fri 9AM-5PM MST