Satans_Banjo

Hi

Sorry to be filling these boards up with small problems, but I seem to be running into a lot since I'm learning PHP/mySQL while building a rather large website

Anyway, I'm implementing a username/password thing. I've got a registration form in which it uses the crypt() function to encrypt their password and store it in the database, like so:

[php]$password = crypt($upass);[/php]

However, when I ran into problems validating the password when the user logs in, I tested two users with the same password and found out that the digest (or whatever you call the encrypted password) is different each time

I've read the online documentation of the crypt() function, but I don't understand the idea of a salt. Should I supply a salt to stop the salt being generated randomly?

EDIT: I've supplied a salt as follows:

[php]$password = crypt($upass, "*****salt*****");[/php]

The salt is 15 characters, and the space for the digest in the database is also 15 characters, if that helps

Thanks

Banjo