I'm trying to compare shadow password with php cli but not work ! i use this function so i can create password like shadow
function shadow ($input){
for ($n = 0; $n < 9; $n++){
$s .= chr(rand(64,126));
}
$seed = "$1$".$s."$";
$return = crypt($input,$seed);
return $return;
}
when i replace the result in shadow it's work with the password but it's have different character how i can compare it .
thanks
I am not quite sure I understand what you are asking -- do you have problems getting the password out of the shadow file, using php?
Your function creates a random salt (variable seed) using the php rand function. Thus, your salt will be different than the salt used by the existing password in the shadow file.
If you want to compare hashes (i.e. compare the output of your crypt call with the value in shadow), both hashes need to be created with the same salt. Thus, you need to use the salt from the existing password in the shadow file (= the $1$...$ part) instead of creating your own randomly.
In other words, drop your function and just use crypt($input, '$1$...$') instead, with $1$...$ being the first part of the hash in /etc/shadow.
It might also be worth looking into the PAM pecl extension instead of fiddling with /etc/shadow.
This extension provides PAM (Pluggable Authentication Modules) integration. PAM is a system of libraries that handle the authentication tasks of applications and services. The library provides a stable API for applications to defer to for authentication tasks.
Use the salt stored in the password file:
$crypted=crypt($_POST['password'], $stored_password);
if ($crypted==$stored_password) ( // they match
Note that you don't have to explicity extract the salt from the stored password, nor worry about the algorithm/salt size - crypt does that for you.
C.