In order to get the same result from encryption, you have to use the same mechanism to encrypt before you compare hashes.
If you have created the original password hashes with the PASSWORD function, the hash will look like this (for the current version of the PASSWORD function):
*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7
or like this if created with the OLD_PASSWORD function (before MySQL 4.1 ... ):
29bad1457ee5e49e
The straight way to deal with this is to have your authentication query look something like this:

    select count(*) as authfield from your_auth_table
    where username = 'typed-in-username'
    and
    (
        password = password('typed-in-password')
        or password = old_password('typed-in-password')
    )

If username and password match, this will yield authfield = 1.
If you want to do the encryption yourself in PHP, the equivalent of the MySQL PASSWORD algorithm goes like this:

    // '*' followed by the uppercase hex SHA1 of the raw (binary) SHA1 of the password
    $passwordnew = '*' . strtoupper(sha1(hextostr(sha1('pass'))));

    // Converts a hex string into the raw bytes it encodes
    function hextostr($hex)
    {
        $str = '';
        for ($i = 0; $i < strlen($hex) - 1; $i += 2)
        {
            $str .= chr(hexdec($hex[$i] . $hex[$i + 1]));
        }
        return $str;
    }
For the old_password function you can use:

    $passwordold = old_password('pass');

    function old_password($password) {
        if ($password == '')
            return '';
        $nr = 1345345333;
        $add = 7;
        $nr2 = 0x12345671;
        foreach (str_split($password) as $c) {
            // spaces and tabs are skipped
            if ($c == ' ' or $c == "\t")
                continue;
            $tmp = ord($c);
            // keep both words within 32 bits so they stay integers (64-bit PHP)
            $nr = ($nr ^ (((($nr & 63) + $add) * $tmp) + ($nr << 8))) & 0xFFFFFFFF;
            $nr2 = ($nr2 + (($nr2 << 8) ^ $nr)) & 0xFFFFFFFF;
            $add += $tmp;
        }
        // MySQL keeps the low 31 bits of each word and prints 8 hex digits per word
        return sprintf("%08x%08x", $nr & 0x7FFFFFFF, $nr2 & 0x7FFFFFFF);
    }
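The two algorithms above combined into one PHP-side check, as an added example that is not part of the original post: it assumes the stored hash has already been fetched by username (ideally with a prepared statement), picks the algorithm from the hash format, and compares with hash_equals. The function names mysql41_hash, mysql323_hash and verify_legacy_hash are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example (not from the original post). Assumes 64-bit PHP 7.1+.

// MySQL 4.1+ PASSWORD(): '*' followed by uppercase hex of SHA1(raw SHA1(password)).
function mysql41_hash(string $password): string
{
    return '*' . strtoupper(sha1(sha1($password, true)));
}

// Pre-4.1 OLD_PASSWORD(): two 31-bit words printed as 16 hex digits.
function mysql323_hash(string $password): string
{
    $nr = 1345345333;
    $add = 7;
    $nr2 = 0x12345671;
    for ($i = 0, $n = strlen($password); $i < $n; $i++) {
        $tmp = ord($password[$i]);
        if ($tmp === 0x20 || $tmp === 0x09) {
            continue; // spaces and tabs are skipped
        }
        // Mask to 32 bits each round so the integers never overflow into floats.
        $nr = ($nr ^ (((($nr & 63) + $add) * $tmp) + ($nr << 8))) & 0xFFFFFFFF;
        $nr2 = ($nr2 + (($nr2 << 8) ^ $nr)) & 0xFFFFFFFF;
        $add += $tmp;
    }
    return sprintf('%08x%08x', $nr & 0x7FFFFFFF, $nr2 & 0x7FFFFFFF);
}

// Hypothetical helper: returns the scheme that matched, or null on failure.
function verify_legacy_hash(string $stored, string $typed): ?string
{
    if ($typed === '') {
        return null; // both MySQL functions map '' to '', which is not a valid stored hash
    }
    if (preg_match('/\A\*[0-9A-Fa-f]{40}\z/', $stored)) {
        return hash_equals(strtoupper($stored), mysql41_hash($typed)) ? 'mysql41' : null;
    }
    if (preg_match('/\A[0-9A-Fa-f]{16}\z/', $stored)) {
        return hash_equals(strtolower($stored), mysql323_hash($typed)) ? 'mysql323' : null;
    }
    return null; // empty or unrecognised hashes never authenticate
}

// Constructed sample rows: the hashes are computed here, not copied from a real table.
$rows = ['alice' => mysql41_hash('pass'), 'bob' => mysql323_hash('pass')];
foreach ($rows as $user => $stored) {
    printf("%s: correct=%s wrong=%s\n", $user,
        var_export(verify_legacy_hash($stored, 'pass'), true),
        var_export(verify_legacy_hash($stored, 'wrong'), true));
}
```

Comparing in PHP keeps the typed password out of the SQL text and still works on servers that no longer provide PASSWORD() or OLD_PASSWORD(); the returned scheme name lets the caller tell which accounts still carry the older 16-digit hash.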