|
|
Posted by Rasmus Lerdorf on 09/03/05 20:52
Michelle Konzack wrote:
> Hi Rory,
>
> Am 2005-09-03 17:04:19, schrieb Rory Browne:
>
>
>>I'm not totally sure on the format of the passwords in /etc/shadow,
>>but can you do anything with php's md5 function? If not, then perhaps
>>the mcrypt extension may do something for you.
>
>
> Unfortunatly not, because
>
> echo -n "michellesecret" |md5sum
> or
> md5("michellesecret")
>
> produce: 28c2f05403caaa750df55efadeebd9ed
>
> but in /etc/shadow you find: $1$.NV7oLhO$Gj/ztvspUcpcJ5iUJiXNo0
>
>
> I do not find the right syntax and options to produce the later string.
The $1$.NV7oLhO$ is the SALT used by crypt. But to make it easier,
php's crypt() function is smart enough to just take the correct part of
the string and treat it as the salt, so you can pass the whole thing in.
That is, when trying to match up a password, you can do this:
<?php
$match = '$1$.NV7oLhO$Gj/ztvspUcpcJ5iUJiXNo0';
$passwd = 'michellesecret';
if(crypt($passwd,$match)==$match) echo "It matched";
else "It didn't match";
?>
I think you will find that if you echo out the result of
crypt($passwd,$match) in the above, you will see:
$1$.NV7oLhO$Gj/ztvspUcpcJ5iUJiXNo0
-Rasmus
Navigation:
[Reply to this message]
|