PHP Auth
Sergey Sysoev
lists at avtf.org
Sat Nov 22 22:29:10 PST 2003
Hello Grant,
GP> Two questions....
GP> I have been reading as much as I can find on paswwd, master.passwd,
GP> shadow, crypt etc etc etc. and am Still stuck on one point. If the encrypted
GP> password is normally aslways different, due to 'salt', then how does one get
GP> a match??
GP> Does anyone have posession of a simple PHP script that can auth against
GP> the master passwd file?
That's function which generate md5 password, maybe it will be helpful.
I am not sure for 100% if this script always provide diff. password
and maybe someone can improve it :)
You may check work at http://bids.tomsk.ru/passwd.php
echo crypt_passwd("F5k");
function crypt_passwd($passwd_tmp) {
mt_srand((double) microtime()*1000000);
$e=pack("cCcCCccC", mt_rand(), mt_rand(), mt_rand(), mt_rand(),
mt_rand(), mt_rand(), mt_rand(), mt_rand());
$enc12=base64_encode($e);
$enc8="";
for ($i=2; $i<=9; $i++) $enc8=$enc8.$enc12[$i];
$passwd_crypted=crypt($passwd_tmp,$enc8);
return $passwd_crypted;
}
To my mind you'd get salt from master.passwd and than encrypt plain
password using that salt and then compare.
--
Best regards,
Sergey
More information about the freebsd-questions
mailing list