PHP login checking hash in database using crypt

Question

I am a newbie in programming and now studying about encryption on password storage, and during my experiments i ran into this login problem. I am trying to login comparing the hashed password in database and user input using php crypt() function:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form method="post" action="index.php">
user name :<input type="text" name="uid" />
password :<input type="text" name="pas" />
<input type="submit"/>
</form>

<?php
if(isset($_POST['pas'])&&isset($_POST['uid']))
{
    $uid=$_POST['uid'];
    $pas=$_POST['pas'];

    require_once('class.DBConnect.php');
    $ob=new DBConnect('test');
    $ob->getData("select * from log where uid='$uid'",array('pas'));

    foreach($ob->columnData as $value)
    {
        $hashed_pas=$value;
    }

    if(crypt($pas,$hashed_pas)==$hashed_pas)
    {
       echo "loggin in";
    }
    else
    {
       echo "fail!!!";
    }
}

?>
</body>
</html>

The password is 'san'. The value of $hashed_pas is : $1$mG5.1k/.$/. and of crypt($pas,$hashed_pas) is: $1$mG5.1k/.$/.LHc4JCN6GRznyYWZ/Mi.

I want to know why is this happening.

I have used the auto-generated salt for hash stored in database.

class.DBConnect.php :

<?php
class DBConnect
{
    public $columnData=array();
    private $con,$rs;
    public function __construct($database)
    {
    $this->con=mysqli_connect("localhost","root","root",$database);
    if(mysqli_connect_errno())
    {
        echo "DB error is:".mysqli_connect_error();
    }

    }


    function test_input($data)
    {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      return $data;
    }

    function make_safe($variable)
    {

        $variable = mysqli_real_escape_string($this->con,trim($variable));
        return $variable;
    }

    function getData($query,$column=array())
    {
        $this->rs=mysqli_query($this->con,$query);
        while($row=mysqli_fetch_array($this->rs))
        {
            foreach($column as $a)
            { 
              $this->columnData=array($row[$a]);
            }

        }

    }

    function checkDataExist()
    {   
      if(mysqli_num_rows($this->rs)==0)
      {
        return 0;
      }

      else
      {
      return 1;
      }
    }

}
?>

Please help me with this issue and suggest me industry level standards on these.

edit: I tried following codes and output was:

san : $1$pb2.8C3.$WhJ/zOEWZUXc/7fTEbcJe. san : $1$pb2.8C3.$WhJ/zOEWZUXc/7fTEbcJe.

$pas="san";
$hash= crypt($pas);
echo "$pas : $hash<br />";
$hash= crypt($pas,$hash);
echo "$pas : $hash";

so I am wondering why database comparison not working.

Answer 1

It seems like the length of your database field is not sufficient to hold the entire hashed string. If the string to be stored exceeds the length of the table field the data will get truncated.