See http://thatware.sourceforge.net/crypt.php3 for the full details. The script is just simply this:
$pwd = crypt('Password');
If you reload the script, the crypted variable is always different. If the user always had the cookie for their username stored on their computer and didn't ever have to worry about logging in on another machine, this would be fine, but it's highly unlikely.
I think we need to remove all instances of crypt() (it was a good idea though) because mcrypt is really the only good way to do it, but not a good solution in terms of the most commonly compiled elements in php binaries. This also explains why people can't log in as a user or admin.
Log in to post a comment.