I am having problems with encrypting passwords. When a user registers for my site, their password is encrypted with the function below (which I lifted from Apache::Htpasswd - this module is not available on my server and I do not have permission to install it), the password is stored in my database, and an entry is entered into the .htpasswd file. Everything is fine so far.
If they want to change their password, I prompt them (a different script) for the old password, which I then encrypt with the same function and compare with the one stored in the database. Invariably, the encryption result is different (however, it is still a valid encryption of the password).
Is there a reason the result changes depending on what script I call the function from?
#From my first script, test data; result = reu3tDNEHBSyc
CryptPasswd("username","password");
#From my second script, test data; result = secGBN1BHq1FA
CryptPasswd("username","password");
sub CryptPasswd {
    my ($self) = shift;
    my ($passwd, $salt) = @_;
    if ($salt) {
        # Make sure only use 2 chars
        $salt = substr ($salt, 0, 2);
    }
    else {
        ($salt = substr ($0, 0, 2)) =~ tr/:/C/;
    }
    return crypt ($passwd, $salt);
}
If there is a good reason for this happening, can someone suggest a way for me to confirm the old password in order to change the new one?
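An added example, not part of the original post: called as a plain function with two arguments, the posted sub puts the first argument in $self and leaves $salt empty, so the salt falls back to the first two characters of $0 (the script name), which differs between scripts. The sketch below reproduces that and shows verification that reuses the salt carried in the stored hash. The names crypt_passwd and check_passwd and the two script names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same salt logic as the posted sub, written as a plain function (no $self).
# The script name is passed in explicitly so the effect of $0 is visible.
sub crypt_passwd {
    my ($passwd, $salt, $script_name) = @_;
    if (defined $salt && length $salt) {
        # An explicit salt is cut to 2 characters, as in the post
        $salt = substr($salt, 0, 2);
    }
    else {
        # No salt given: fall back to the start of the script name
        ($salt = substr($script_name, 0, 2)) =~ tr/:/C/;
    }
    return crypt($passwd, $salt)
        // die "crypt() does not support this salt on this platform\n";
}

# Verify a candidate against a stored traditional crypt() hash. The stored
# hash starts with its own 2-character salt, so it is passed as the salt.
sub check_passwd {
    my ($candidate, $stored) = @_;
    my $hash = crypt($candidate, $stored);
    return defined $hash && $hash eq $stored;
}

# Constructed script names; the results quoted in the post begin with
# "re" and "se", which matches a salt taken from two different $0 values.
my $from_first  = crypt_passwd('password', undef, 'register.cgi');
my $from_second = crypt_passwd('password', undef, 'settings.cgi');

print "first script : $from_first\n";
print "second script: $from_second\n";
print "hashes equal : ", ($from_first eq $from_second ? "yes" : "no"), "\n";

# Comparing two freshly computed hashes fails across scripts. Checking the
# candidate against the stored hash works from any script.
print "right password: ", (check_passwd('password', $from_first) ? "accepted" : "rejected"), "\n";
print "wrong password: ", (check_passwd('passw0rd', $from_first) ? "accepted" : "rejected"), "\n";
```

With this approach the password-change script only needs the hash already stored in the database; it never has to know which salt the registration script used.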