Code:
function verify_password($given_user, $given)
{
if(strlen($given) > 0)
{
$sql = "SELECT * FROM `tbl_users` WHERE `user_name` = \"$given_user\"";
//print("$given <br>");
$result = mysql_query($sql, $this->conn) or die(mysql_error());
print("$result <br>");
if($result)
{
while ($row = mysql_fetch_array($result, MYSQL_NUM))
{
$user_id = $row['0'];
$user_name = ($row['1']);
$stored = ($row['2']);
$session = ($row['3']);
}
print("$stored <br>");
$crypt = (crypt($given, 11));
print("$crypt <br>");
}
if ($stored == $crypt)
{
print("Passed <br>");
$pwd_salt = 1;
}
else
{
print("Failed <br>");
$pwd_salt = NULL;
}
}
print ("$pwd_salt <br>");
return $pwd_salt;
}
Output from the print statmentes:
Resource id #5
11.Sss0exHVRQ
11.Sss0exHVRQ
Failed
First I have a stored password using the same crypt parameters as I am using to check the given password.
I don't think I fully understand who crypt works. because it seems to fail on the comparison test even thought the outout shows the stored and the given are the same.
Can someone see something I am missing?
Thanks
Dave
