3

I am still new to PHP. I tried Mr. Andrew Moore's method. The password wasn't matching. I tried playing with Andrew Liu's code and the answers from the post. When I try to var_dump I am not getting true or false. I am not sure what I am doing wrong. Can someone please let me know?

```php
$bcrypt = new Bcrypt(15); 
$username = sanitize($username);
$password = $_POST['password'];

DEFINE('DB_USER', 'root');
DEFINE('DB_PASSWORD', 'password');
DEFINE('DB_HOST', 'localhost');
DEFINE('DB_NAME', 'users');

$dbh = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$check_username = $dbh->prepare("SELECT password FROM user WHERE username= '$username'");
$check_username -> execute(array($username));

while($row = $check_username->fetch(PDO::FETCH_ASSOC)){
    $check_password = $row['password'];
    $isGood = $bcrypt->verify($password, $check_password);
    var_dump($isGood);
}
```
John
  • what **are** you getting from `var_dump` then? – JamesHalsall Oct 17 '12 at 11:54
  • I modified the code a bit later. I am getting false for var_dump now. I am entering my password as plaintext and I have the hashed version for "check_password" retrieved from the database. I can't seem to get the $isGood = $bcrypt->verify($password, $check_password); working. I am using XAMPP with PHP Version 5.3.8. – John Oct 17 '12 at 19:19
  • Are you sure you're getting the correct record? `var_dump($row)` – Lex Nov 08 '12 at 23:22
  • possible duplicate of [How do you use bcrypt for hashing passwords in PHP?](http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php) – markus Nov 09 '12 at 17:44

1 Answer

0

Can you compare the hashed password with what is stored in the db? I had a similar problem and then I realized the hash in the db is truncated. Changing the password column size from Varchar(40) to Varchar(125) solved my problem.

Zdenek Machek
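The truncation failure described in the answer above can be reproduced and detected with the following added example, which is not code from either poster. It assumes PHP 5.5+ for `password_hash()`/`password_verify()` (the question's `Bcrypt` class is not used), and `is_complete_bcrypt_hash()` and `simulate_varchar()` are hypothetical helper names.

```php
<?php
// Added example: assumes PHP 5.5+ for password_hash()/password_verify().

// A complete bcrypt hash in modular crypt format is always 60 characters:
// "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
const BCRYPT_LENGTH = 60;

/** Hypothetical helper: true only if $stored is a complete, untruncated bcrypt hash. */
function is_complete_bcrypt_hash($stored)
{
    return is_string($stored)
        && strlen($stored) === BCRYPT_LENGTH
        && preg_match('#^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $stored) === 1;
}

/** Hypothetical helper: what a VARCHAR($width) column keeps when it truncates. */
function simulate_varchar($value, $width)
{
    return substr($value, 0, $width);
}

$password = 'correct horse battery staple';   // constructed sample input
$hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

// Compare the column width from the answer (40) with the widened one (125).
foreach (array(40, 125) as $width) {
    $stored = simulate_varchar($hash, $width);
    printf(
        "VARCHAR(%d): stored %d chars, complete=%s, verify=%s\n",
        $width,
        strlen($stored),
        var_export(is_complete_bcrypt_hash($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}
```

Running the length and format check on the value read back from the database distinguishes a truncated hash from a genuinely wrong password, since both make verification return false.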