01277: Using crypt() w/o salt in PHP 5.6 versions causes PmWiki problems

Summary: Using crypt() w/o salt in PHP 5.6 versions causes PmWiki problems
Created: 2012-01-04 07:14
Status: Closed, fixed for 2.2.75
Category: PHP Compatibility
From: AM?
Priority: 2
Version: 2.2.36
OS: Ubuntu/Apache/5.2.4

Description: Hi,

using crypt() with older versions of PHP, e.g., 5.2.4, return an empty result if no salt is provided.

This causes problems with PmWiki as the login into password-protected pages is not possible and using ?action=crypt also returns only an empty string.

"Bug"-report: https://bugs.php.net/bug.php?id=45655



Reference: http://php.net/manual/en/function.crypt.php. --Petko January 05, 2012, at 04:32 PM

+1 on this, I still have that problem, crypt doesn't work and this causes all passwords to be ignored, once you delete crypt, you cannot login anymore. It took days to find this bug, hence my verbose statement so other people can find this page on Google.

Could there be an alternative to using PHPs crypt function?

Server info: Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.5.1 PHP/5.2.4-2ubuntu5.27 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at

Note, PHP 5.6.0 will raise E_NOTICE security warning if salt is omitted. --Petko February 15, 2014, at 01:51 PM

Closing this entry as the core was fixed for PHP 5.6. Should there be a need to work on the PHP5.2 issue please say so and we may be able to adjust the new pmcrypt() function. --Petko June 19, 2015, at 05:28 PM