Hi people, I am doing a web interface that will request a username + password; like SquirrelMail, it will contact my LDAP server. This app will run on CentOS 5.3 with PHP 5.3, which is where my web pages will be; the LDAP server is running on Gentoo with ldap 2.3.43.
My current problem is with the password. I have found a small app that wants to compare the input of the password vs the LDAP password; this will let us identify the user.
Well, searching around, I found the crypt function, but there is one thing that I don't like about it:
"The standard DES-based encryption crypt() returns the salt as the first two characters of the output. It also only uses the first eight characters of str, so longer strings that start with the same eight characters will generate the same result (when the same salt is used)"
How can I deal with this note: 8 characters only?
Some users have more than that, this is my code:
$cryptedpassword='{crypt}74boAULE9gF5.';
// $plainpassword holds the password typed by the user; pla_error() is defined elsewhere.
// Split the "{scheme}" label from the stored hash.
if( preg_match( "/{([^}]+)}(.*)/", $cryptedpassword, $cypher ) ) {
    $cryptedpassword = $cypher[2];
    $_cypher = strtolower($cypher[1]);
} else {
    $_cypher = NULL;
}
// Blowfish hashes start with "$2"; single quotes keep the backslash so "$" is matched literally.
if( preg_match( '/^\$2+/', $cryptedpassword ) ) {
    // make sure that web server supports blowfish crypt
    if( ! defined( 'CRYPT_BLOWFISH' ) || CRYPT_BLOWFISH == 0 )
        pla_error( _('Your system crypt library does not support blowfish encryption.') );
    list(,$version,$rounds,$salt_hash) = explode('$',$cryptedpassword);
    if( crypt( $plainpassword, '$'. $version . '$' . $rounds . '$' .$salt_hash ) === $cryptedpassword ) return true; else return false;
}
// md5crypt hashes contain "$1$".
elseif( strstr( $cryptedpassword, '$1$' ) ) {
    if( ! defined( 'CRYPT_MD5' ) || CRYPT_MD5 == 0 )
        pla_error( _('Your system crypt library does not support md5crypt encryption.') );
    list(,$type,$salt,$hash) = explode('$',$cryptedpassword);
    if( crypt( $plainpassword, '$1$' .$salt ) === $cryptedpassword ) return true; else return false;
}
// Extended DES hashes contain "_".
elseif( strstr( $cryptedpassword, '_' ) ) {
    if( ! defined( 'CRYPT_EXT_DES' ) || CRYPT_EXT_DES == 0 )
        pla_error( _('Your system crypt library does not support extended DES encryption.') );
    echo crypt( $plainpassword, $cryptedpassword ); // debug output
    if( crypt( $plainpassword, $cryptedpassword ) === $cryptedpassword ) return true; else return false;
}
// Anything else is treated as standard DES; the stored hash supplies the two-character salt.
else {
    if( crypt( $plainpassword, $cryptedpassword ) === $cryptedpassword ) return true; else return false;
}
The issue is the 8 character limitation: even if I have a password of 10 characters, the function will just take 8. How can I deal with this issue?
Thanks for your time, my friends!!!
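
The 8-character limit described in the quoted note belongs to the standard DES scheme, which crypt() selects when the salt is two plain characters; it is not a property of crypt() as a whole. The PHP sketch below is an added example, not part of the original post: the function name ldap_crypt_verify and the sample passwords are constructed for illustration, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example: names and sample values are constructed, not from the post.

/**
 * Check a plaintext password against an LDAP userPassword value
 * stored with the {crypt} scheme label.
 */
function ldap_crypt_verify($plain, $stored)
{
    // Only the "{crypt}" label is handled here; other schemes are rejected.
    if (!preg_match('/^\{crypt\}(.+)$/i', $stored, $m)) {
        return false;
    }
    $hash = $m[1];

    // Passing the stored hash as the salt makes crypt() reuse the
    // algorithm prefix and salt that produced it.
    $candidate = crypt($plain, $hash);

    // On failure crypt() returns a short marker string, never a full hash.
    if (strlen($candidate) < 13) {
        return false;
    }

    // Constant-time comparison of the two hash strings.
    return hash_equals($hash, $candidate);
}

// Constructed sample passwords that share their first eight characters.
$a = 'password-one';
$b = 'password-two';

// Standard DES (two-character salt): only "password" is hashed,
// so a hash made from $a also verifies $b.
$des = '{crypt}' . crypt($a, 'ab');
var_dump(ldap_crypt_verify($a, $des), ldap_crypt_verify($b, $des));

// md5crypt ("$1$" prefix): the whole password is hashed,
// so a hash made from $a does not verify $b.
$md5 = '{crypt}' . crypt($a, '$1$saltsalt$');
var_dump(ldap_crypt_verify($a, $md5), ldap_crypt_verify($b, $md5));
```

Which scheme applies is decided when the password is stored in the directory, so existing standard DES entries keep the limit until the password is set again under another scheme.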