Question

Using the Tuts Plus hashing tutorial, it is constantly returning false when checking the hash value. The password, '111111', has definitely not been entered incorrectly. I've done an IF statement to echo what it returns and it comes out as 'False'.

The PDO queries for inserting and selecting the information are both working correctly.

My sign up form:

$pass_hash = PassHash::hash($_POST['pwd']); 

$q = "INSERT INTO Users(password) VALUES (:password);";

$query = $db->prepare($q);

$query->bindParam(":password",$pass_hash);

$results = $query->execute();
$user_id = $db->lastInsertID();

My Log in form:

<?php
require ("include/PassHash.php");  

if (isset($_POST['login'])) {
    $email = $_POST['email'];
    $password = $_POST['password'];

    $query = $db->prepare('SELECT * FROM Users WHERE email = :email');
    $query->bindParam(":email", $email);
    $results = $query->execute();

    $total = $query->rowCount();
    $row = $query->fetch();

    // Returns more than 0 rows (Email found) and checks hash.
    if ($total > 0 && PassHash::check_password($row['password'], $_POST['password'])) {
        // Correct credentials.
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['user_email'] = $email;
        session_set_cookie_params(24*60*60);
        ob_start();
        header('Location: /index.php?p=user_account', true);
        exit();
        ob_end_flush();
    } else {
        // Incorrect password / email.
    }
}
?>

PassHash.php

<?php
class PassHash {
    // blowfish
    private static $algo = '$2a';
    // cost parameter
    private static $cost = '$10';

    // mainly for internal use
    public static function unique_salt() {
        return substr(sha1(mt_rand()), 0, 22);
    }

    // this will be used to generate a hash
    public static function hash($password) {
        return crypt($password,
            self::$algo .
            self::$cost .
            '$' . self::unique_salt());
    }

    // this will be used to compare a password against a hash
    public static function check_password($hash, $password) {
        $full_salt = substr($hash, 0, 29);
        $new_hash = crypt($password, $full_salt);
        return ($hash == $new_hash);
    }
}
?>

I've printed the password and email after the form has been submitted and both are showing, so it isn't an input error.


Solution

Increasing the VARCHAR(45) to VARCHAR(255) for the password field resolved the problem.
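
Why the column width matters, as an added example that is not part of the original question or answer: a bcrypt hash from crypt() is 60 characters long, so a 45-character column keeps the 29-character salt prefix but loses the end of the digest, and the comparison can never match. The column is simulated with substr(), on the assumption that the database silently truncates over-long values (as MySQL does when strict SQL mode is off); `store_in_column()`, `fits_column()` and the fixed salt are hypothetical names and constructed sample input.

```php
<?php
// Added illustration, not the asker's code. The column is simulated with
// substr(); assumption: the database silently cuts over-long values
// (MySQL does this when strict SQL mode is off).

// Same logic as PassHash::check_password() in the question, with
// hash_equals() for a constant-time comparison.
function check_password(string $stored, string $password): bool
{
    $full_salt = substr($stored, 0, 29);   // "$2a$10$" + 22 salt characters
    return hash_equals($stored, crypt($password, $full_salt));
}

// What a VARCHAR($width) column keeps of the value under that assumption.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Guard for the sign-up path: detect a hash that will not fit the column
// before it is inserted, instead of discovering it at login.
function fits_column(string $hash, int $width): bool
{
    return strlen($hash) <= $width;
}

// Constructed sample input: fixed 22-character salt so the run is repeatable.
$hash = crypt('111111', '$2a$10$' . 'abcdefghijklmnopqrstuv');
printf("bcrypt hash length: %d\n", strlen($hash));

foreach ([45, 60, 255] as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "VARCHAR(%3d): fits = %-5s stored %2d chars, check_password = %s\n",
        $width,
        fits_column($hash, $width) ? 'true' : 'false',
        strlen($stored),
        check_password($stored, '111111') ? 'true' : 'false'
    );
}
```

The PHP manual recommends a 255-character column for password hashes so that longer hashes from future algorithms also fit.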

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow