0

I just put my project from localhost to my host and using the same (phpass) function I receive different results and the length of the returned string is also different. (and everything works on localhost btw)

So the same function returns false when online. I was wondering what the problem might be.

Here's the result:

Input: 12345

  • localhost:$2a$08$t5joFUIbEThylj/IyUVy7.WzMZm8fmKjsy0kZc/YxgqzkbYQWnlre
  • host: $P$9QiKVfJzpRzoToBCJg8FeaDIfcAJJ61

EDIT: I switched on the TRUE flag to make password portable but still it doesn't seem to work.

EDIT 2: Doesn't work with php 4 or 5 and I DID switch on the portable mode!!

BehnUm
  • 141
  • 10

3 Answers3

2

WARNING: By default the library generates strong system-specific password hashes that are not portable. It means that once created, user database cannot be dumped and exported to another server. This behavior can be changed in config-file as well.

-> Portable (PHPass) password hashes. Should I use them?

Community
  • 1
  • 1
Tobias
  • 9,170
  • 3
  • 24
  • 30
  • And could you tell me how can I make it work now? (PHP Version 4.4.9 and as I read I have to have the portable mode on if I'm not mistaken) – BehnUm Jan 17 '12 at 16:28
  • Have you tested it with new passwords & portable mode on? – Tobias Jan 17 '12 at 16:36
  • yes but it still returns false! I even switched my php to 5 (using htaccess) and it still won't work! any advice? – BehnUm Jan 17 '12 at 18:50
2

If I'm not mistaken, phpass uses the best method available to it. In this case, it would seem that the modules available on the live host are not the same as those on localhost, and thus phpass has to choose a different method. The "$2a$" indicates bcrypt, and the "$P$" indicates phpass' internal hash. I.e., it appears that the live host doesn't have bcrypt available.

Alex Howansky
  • 50,515
  • 8
  • 78
  • 98
  • You are right, the php version is 4.4.9 and I just don't know how I can make it work (I even turned on the portable mode flag but it still does not work) – BehnUm Jan 17 '12 at 16:29
  • If you're getting a result that starts with "$2a$" on localhost, then you're not using the portable hash. Make sure you call the HashPassword() method with TRUE as the second argument. – Alex Howansky Jan 17 '12 at 16:42
0

I finally found out the problem was not phpass itself, but the scripts were causing an error (mysql real name escape was the problem and ajax was actually hiding it from me) anyways, everything is ok now, thanks.

BehnUm
  • 141
  • 10