idadan asked:

Problem with comparing passwords

I have a person give a password. The password is taken in, encrypted, and compared to a password in a file. The expression I use to check if it matches is
if ($pass ne "$crypt") { &error("Passwords don't match"); }
My problem is that, say, my password is "bill" (without the quotes). I enter that, it gets encrypted, compared, and sends back a message saying "everything worked, done". However, if I enter "billasdjla" as my password it still sends back a message saying "everything worked". I want it to compare the entire string to the entire string, not just a part. Thanks for the help.
ozo:

crypt only uses the first 8 characters of the key
but where in your code are you comparing just part of "billasdjla"?

alamo:
I don't understand... the code you posted doesn't print the message "everything worked" at all. You need to show us the code that's failing, including the crypt.
idadan (ASKER):
Here is all the code.
    # get the variables
    $UserName = $INPUT{'UserName'};
    $Password = $INPUT{'Password'};
    # open the users file (reads it into @newlines)
    &UnlockFile("$member_dir$UserName.mem");
    # loop through, chopping the newline off each line
    foreach $line (@newlines) {
        chop($line) if ($line =~ /\n$/);
    }
    # assign these variables; $pass1 is the password
    ($pass1, $email, $loc, $ocu, $url, $inter) = @newlines;
    # encrypt the password they gave (salt quoted: a bare aa only works without strict)
    $crytpass = crypt($Password, "aa");
    # if the encrypted password in the file doesn't equal the password given, which is also encrypted
    if ($pass1 ne "$crytpass") {
        # print back error message
        &bad_piece("The password you entered doesn't match the one in the database.");
    }
Say the password is "bill". If I enter "bill" and other text, like "billboy", it doesn't see anything wrong with that; if I enter, say, "dan" for the password it stops it fine and says it doesn't match. What's wrong here? Thanks.
Are you sure your UnlockFile function is working? Presumably it reads the file into @newlines. And are you sure crypt is working? It could be that one or both are failing, but the result strings of their failure match.

To debug, check the crypted values:  add

print "pass1=$pass1, crytpass=$crytpass\n";

after the crypt statement, and see if they look like real encrypted values or just junk.

And is "aa" (which is your seed) set elsewhere in the program?

idadan (ASKER):

OK, I made the debugging change and this is what it is giving me. Let's say the password is billy; the encrypted password is (made up) aa.asddfjkel. However, when I enter billyasdfalk it comes back with aa.saddfijkel, so basically it's like it's not even looking past my password. The actual password I'm using to debug is 9 letters long. I'm not sure if length matters. Do you know much about the encrypt function? As far as it being set elsewhere in the program, I use aa to encrypt everything, if that's what you mean; I'm not sure though. Thanks.
crypt("billy","aa") is 'aaS2v5s7eIaLk'
crypt("billyasdfalk","aa") is 'aay9TBmf8fIKg'
which are different (and neither of which is 'aa.asddfjkel')
idadan (ASKER):

Right, I made up the encrypted things just to show as an example, but in my program it's seeing billy and billyaklsdjf as the same. It's like it's seeing billy and nothing else in the second one. I gave the code I'm using. Any ideas?
When your program evaluates crypt("billy","aa"), and crypt("billyasdfalk","aa") are you getting the proper values?
If not, what values is it giving you?
Are you really passing crypt the $Password you think you are?
When you print $Password is it the entered password? Sounds like it may not be checking the string that you think it is.
idadan (ASKER):

Here is the value I'm getting; remember, I'm not actually using billy, but...
aa.zAnzAJXdV6. I had it print to the browser the password it gets from the file, the password they gave (encrypted), and the password they gave (unencrypted). The password from the file was the usual; the password I gave unencrypted was fine, "billydafs", but the encrypted thing was the same as billy (encrypted). I'm so confused. I just want to encrypt a password and be able to check it.

crypt("billy","aa") is 'aaS2v5s7eIaLk'
if you're getting 'aa.zAnzAJXdV6', your crypt, or your test, is broken.
crypt("billydafs","aa") is 'aaa9huR9YWHI.'
('aaS2v5s7eIaLk' ne 'aaa9huR9YWHI.') should be true.
idadan (ASKER):

OK, one last time: billy is not the actual phrase I'm using. The word I'm testing is the password that I always use, for this account, my site, etc., so I'm not going to say the actual phrase, but I think you can get an idea of my problem from what is going on. Thanks. Any more questions, just post.
BTW, crypt("billydaf","aa") is also 'aaa9huR9YWHI.', since as I said in the beginning, crypt only uses the first 8 characters.
Perhaps crypt is broken on your system, as unlikely as it seems.

Just as a test, add the lines

print "billy is ",crypt("billy","aa"),"\n";
print "billydaf is ",crypt("billydafs","aa"),"\n";

and see if it produces the same values as ozo posted. I tried it here and got the same values as he did.
Also, crypt("billy\0daf","aa") and crypt("billy","aa") both produce 'aaS2v5s7eIaLk',
since crypt, being a C function, considers a null character to be a string terminator.
idadan (ASKER):

Wait, so crypt only encrypts the first 8 characters of the string? I thought you meant it only uses the first 8 letters for the key, like aaaaaaaa instead of aa. I guess that solves the problem. I'll just make the password 8 chars long. Thanks for all your help and patience, both of you; however, ozo did answer my question. Thanks again.
crypt($key,$salt) uses the first 8 characters of $key, and the first 2 characters of $salt,
this is why you can say
print "password matched " if( crypt($password,$crytpass) eq $crytpass )
idadan (ASKER):

Yeah, so if I use my same crypt formula, crypt($password,"aa"), and make sure they can only have passwords of 8 characters, I'm set, right? Thanks.
You can try that.  If you do have more than 8 characters, only the first 8 will be significant to crypt.
Or you may want to hash longer passwords into 8 characters (being careful about "\0").
Or break it up into 8 character segments and crypt each piece.

By The Way, your
  $pass1 ne "$crytpass"
might have been more clearly written as
  $pass1 ne $crytpass
and your
  foreach $line ( @newlines ){ chop ($line) if( $line =~ /\n$/ ) }
might have been done simply as
  chomp @newlines;
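The two points ozo makes above (crypt() keys on only the first 8 characters, and the stored hash can serve as the salt for the check) together explain the asker's symptom. The Perl script below is an added example, not code from the thread, that reproduces the posted values, shows why a 9-character password accepts any string sharing its first 8 characters, and implements both fixes discussed: the asker's 8-character limit and ozo's "fold longer passwords into 8 characters" idea (done here with an MD5 base64 digest, which never contains "\0"). The function names (password_ok, password_ok_max8, fold_key, store_folded, check_folded) are mine, and the script assumes a libcrypt that still supports traditional DES crypt with a two-character salt; where DES has been removed, crypt() returns something else and the self-check says so. The check idiom is still how Unix password files were verified for years, but a current design would use a dedicated password hash such as bcrypt, scrypt or Argon2 with a random per-password salt rather than DES crypt with a fixed "aa".

```perl
#!/usr/bin/perl
# Added example (not from the thread): crypt() 8-character truncation and the
# stored-hash-as-salt comparison idiom, plus the two mitigations discussed.
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);

my $salt = "aa";   # fixed two-character salt, exactly as in the question

# Values quoted in the thread for crypt(..., "aa"), reused here as a self-check.
my %posted = (
    "billy"        => 'aaS2v5s7eIaLk',
    "billyasdfalk" => 'aay9TBmf8fIKg',
    "billydafs"    => 'aaa9huR9YWHI.',
    "billydaf"     => 'aaa9huR9YWHI.',   # same as billydafs: the 9th character is ignored
    "billy\0daf"   => 'aaS2v5s7eIaLk',   # same as billy: the NUL terminates the C string
);

# Verification idiom from the thread: pass the stored hash as the salt.
# crypt() reads only its first two characters, so the result is directly
# comparable to what is on file. A defined/length guard catches a crypt()
# that failed (e.g. DES not supported) instead of comparing garbage.
sub password_ok {
    my ($given, $stored) = @_;
    my $h = crypt($given, $stored);
    return (defined $h && length($h) > 2 && $h eq $stored) ? 1 : 0;
}

# The asker's chosen policy: passwords are at most 8 characters. Enforcing it
# at check time as well means a longer string can never match on its prefix.
sub password_ok_max8 {
    my ($given, $stored) = @_;
    return 0 if length($given) > 8;
    return password_ok($given, $stored);
}

# ozo's alternative for longer passwords: fold the whole password into an
# 8-character key before crypt(), so every character contributes. Base64
# output never contains "\0", which sidesteps the string-terminator issue.
sub fold_key     { return substr(md5_base64($_[0]), 0, 8) }
sub store_folded { my ($pw, $s) = @_;      return crypt(fold_key($pw), $s) }
sub check_folded { my ($pw, $stored) = @_; return password_ok(fold_key($pw), $stored) }

# --- demonstration -----------------------------------------------------------
for my $pw ("billy", "billyasdfalk", "billydafs", "billydaf", "billy\0daf") {
    (my $shown = $pw) =~ s/\0/\\0/g;                 # make the NUL visible
    my $h = crypt($pw, $salt);
    my $note = (defined $h && $h eq $posted{$pw})
        ? "matches the value posted in the thread"
        : "differs from the posted value (libcrypt without DES support?)";
    printf "crypt(\"%s\", \"aa\") = %s   # %s\n", $shown, $h // '(undef)', $note;
}

# The asker's bug reproduced: a 9-character password on file accepts any
# string that shares its first 8 characters.
my $stored = crypt("billydafs", $salt);
printf "plain  check 'billydafsXYZ': %s\n",
    password_ok("billydafsXYZ", $stored) ? "ACCEPTED (this is the bug)" : "rejected";
printf "max-8  check 'billydafsXYZ': %s\n",
    password_ok_max8("billydafsXYZ", $stored) ? "accepted" : "rejected";

# With folding, the 12-character string no longer matches the 9-character one,
# while the correct password still does.
my $stored_f = store_folded("billydafs", $salt);
printf "folded check 'billydafs'   : %s\n",
    check_folded("billydafs", $stored_f) ? "accepted" : "rejected";
printf "folded check 'billydafsXYZ': %s\n",
    check_folded("billydafsXYZ", $stored_f) ? "accepted" : "rejected";
```

Run it with `perl crypt_demo.pl`. The first loop should print exactly the values ozo posted; if it does not, the comparison in `password_ok` is still safe because the guard rejects an undefined or empty result, but the rest of the demonstration does not apply to that system. Note that `password_ok_max8` also rejects the 9-character "billydafs" itself, which is the point of the policy: the limit has to be enforced when the password is set, not only when it is checked.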
idadan (ASKER):

Great, thanks a lot. You're always a huge help. Could you submit your answer so I can grade? I leave for Europe tomorrow, so I want to make sure to give points before I go away for 3 weeks. Thanks again.
ASKER CERTIFIED SOLUTION: ozo
idadan (ASKER):
Thanks again.