0

I add new user to database and hash user password using pHpass. On this point I face weird problem.

If I create/hash the password '123' on http://localhost/add.php and check the password using pHpass's CheckPassword method on the same page it will say that password is good. But if I check the previously created hash password, created on http://localhost/add.php, on http://localhost/login.php, it says the password is invalid. What is this?

My pHpass 3.0 (Downloaded from: http://www.openwall.com/phpass/) settings are

Iteration Count = 8
Portable Hashes = FALSE

I also tried it with Portable Hashes = TRUE but same results. So how on earth any body will be able to match password if anybody faces this situation.

Here is how I did all.

  1. On add.php I used pHpass method HashPassword to hash incoming user password from POST and saved it to database.
  2. On login.php I used pHpass method CheckPassword with two parameters, 1st unhashed user password and 2nd hashed password saved in the database against user name; just as pHpass mentioned in test.php file downloaded from http://www.openwall.com/phpass/

Help meeee !

Adnan
  • 1,379
  • 2
  • 17
  • 24
  • i hope this will help u @Adnan.. http://stackoverflow.com/questions/5343611/portable-phpass-password-hashes-should-i-use-them – devpro Dec 31 '15 at 06:22
  • I read @devpro it did not helped me ... Andrew answer is good but still I don't know why my created password on add.php is not working on login.php – Adnan Dec 31 '15 at 06:29

1 Answers1

1

yes if you stored password in hash value at add time than whenever you need to login from login.php than you will convert your password value into hash firstly and than compare it with your stored value and it will works.

jilesh
  • 436
  • 1
  • 3
  • 13
  • Not sure but please check this link : http://php.net/manual/en/function.password-verify.php hope it will help you. – jilesh Dec 31 '15 at 06:27