Tags: php, encryption, blowfish

Using crypt, and verifying - not sure how it works?


This is actually two questions:

1) My understanding is you determine what type of encryption crypt() uses by how many characters you use in the salt. For instance:

crypt('mypassword', someStringThatIs33CharsLong); // This would be blowfish?

2) Once I get this data, how do I verify it against user input at a future date? The following doesn't appear to work:

if (crypt($user_input, $encryptedinfo) == $encryptedinfo) {
   echo "Password verified!";
}

What am I missing here?


Solution

  • When you are using crypt, the salt (someStringThatIs33CharsLong) needs to be the same in order for you to encrypt something else and have the value be the same. I have used this for username/password logins where the password is called with

    crypt('password', 'aCrt45xaCrt45xaCrt45xaCrt45xaCrt4');
    

    When you re-encrypt you will need to use the same salt to make sure it is the same. This can be done by storing it in the database or statically.

    So your check would turn into:

    if (crypt($user_input, someStringThatIs33CharsLong) == $encryptedinfo) {
       echo "Password verified!";
    }
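
The following is an added example and is not part of the question or the answer above. It shows the two points the question asks about: crypt() picks its algorithm from the salt's format (a recognised prefix such as `$2y$` for bcrypt), not from the salt's length, and the returned hash already carries the salt, so verification passes the stored hash back in as the salt and compares in constant time. The helper names `make_bcrypt_salt()` and `verify_password()` are mine, and the code assumes PHP 7 or later for `random_bytes()` and `hash_equals()`.

```php
<?php
// Added example, not code from the original question or answer.
// Requires PHP >= 7 (random_bytes, hash_equals).

// crypt() selects bcrypt when the salt looks like:
//   "$2y$" + two-digit cost + "$" + 22 characters from the alphabet ./A-Za-z0-9
// A 33-character string with no such prefix is NOT treated as bcrypt.
function make_bcrypt_salt(int $cost = 12): string {
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    $raw = random_bytes(16);                                   // CSPRNG, 128 bits
    // base64 uses "+" and "=" padding; bcrypt's alphabet uses "." instead of "+"
    // and takes exactly 22 characters, so translate and truncate.
    $enc = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $enc);
}

// Hash a new password. The result is 60 characters: prefix, cost, 22-char salt,
// 31-char hash. Store this whole string; the salt does not need a separate column.
function hash_password(string $password): string {
    $hash = crypt($password, make_bcrypt_salt(12));
    // crypt() signals an unusable salt with a short string starting with "*",
    // so refuse to store anything that is not a well-formed bcrypt hash.
    if (strlen($hash) !== 60 || strncmp($hash, '$2y$', 4) !== 0) {
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    return $hash;
}

// Verify user input against the stored hash. Passing the stored hash as the
// salt makes crypt() reuse the same algorithm, cost and salt, so a correct
// password reproduces the stored string exactly. hash_equals() avoids a
// timing side channel that a plain == comparison would leave.
function verify_password(string $input, string $stored): bool {
    return hash_equals($stored, crypt($input, $stored));
}

// Demonstration with a constructed password.
$stored = hash_password('mypassword');
var_dump(verify_password('mypassword', $stored));  // bool(true)
var_dump(verify_password('wrongpass', $stored));   // bool(false)

// A second hash of the same password differs (fresh random salt) but still verifies.
$again = hash_password('mypassword');
var_dump($again !== $stored && verify_password('mypassword', $again)); // bool(true)
```

The `if (crypt($user_input, $encryptedinfo) == $encryptedinfo)` check in the question is the right idiom; it only fails when the stored value was not produced with a salt crypt() recognised. On PHP 5.5 and later the same thing is available with less room for error as `password_hash($password, PASSWORD_BCRYPT)` and `password_verify($input, $stored)`, which generate the salt and perform the constant-time comparison for you.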