I'm trying to use PHP to do user authentication against a password pulled from an LDAP database. The password is encrypted with MD5 hashing. I'd like to do something like this:
$user_input = 'password';
$goal = get_password_from_ldap();
list(,,$salt,) = explode('$', $goal);
if ($goal == crypt($use_input, $salt)) {
...
}
That's not actual code, but you get the idea. It doesn't work, though; instead, what seems to happen is that PHP's crypt() function uses DES encryption when I specify a salt. So, given the following snippet:
$pword = "password";
print crypt($pword);
print crypt($pword, "salt");
I get the following output:
$1$XZhRLjrH$pTQT.x0c.XBY9y2h.9XZC0
sa3tHJ3/KuYvI
Without a salt, it does MD5 encryption, but DES with a salt. Of course, to properly compare passwords, I need to specify a salt! How do I force PHP to use MD5 instead of DES, even with a specified salt?
