Blowfish encryption - hash is created but does not check

I wrote this code some time ago and am now reviving it for a new project, but it does not seem to work, and I cannot for the life of me determine why it will not check the hash.

The two functions are listed below; when registering, the first function, passwordEncrypt(), is called.

When trying to log in, the checkPassword() function is called; instead of logging in and echoing “yes”, it gets to the section where it echoes “no”.

So, please, if a fresh set of eyes could take a look, many thanks!

// Encrypt user password
function passwordEncrypt($password) {
    // set the salt
    $salt = substr(md5(time()), 0, 22);

    // hash using bcrypt (Blowfish) with a cost of 10
    $password = crypt($password, '$2a$10$' . $salt);

    // return the encrypted hash
    return $password;
}

/*
    Check password function when logging in:
    first we select the password for the supplied username from the database,
    get the row and set the hash to the current password from the database,
    then run the salts etc. and check to see if the passwords match
*/
function checkPassword($userName, $password, $db){
    $sql = 'SELECT password FROM users WHERE userName = :userName';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':userName', $userName, PDO::PARAM_STR);
    $stmt->execute();

    $numRows = $stmt->rowCount();

    if ($numRows > 0) {
        $row = $stmt->fetch();
        $hash = $row['password'];

        // run the hash function on $password 
        $fullSalt = substr($hash, 0, 29); 
        $new_hash = crypt($password, $fullSalt); 

        // Check that the password matches
        if($hash == $new_hash) {
            echo 'yes';
            exit;
            return true;
        } else {
            echo 'no';
            exit;
            return false;
        }
    } else {
        echo 'way';
        exit;
        return false;
    }
}

I registered a password and then tried it, and this is what it returns:

Password: $2a$10$023d3086e8462207a1fecueWH4Ub40MWbQJ7F9
Entry: $2a$10$023d3086e8462207a1fecueWH4Ub40MWbQJ7F9hapWU3lYxlg3AAa
no

So it is adding hapWU3lYxlg3AAa

+4
1

" 40? 50? 60? ? $2a$10$023d3086e8462207a1fecueWH4Ub40MWbQJ7F9 - Fred -ii -"

"ah 45 - Tom C"

. 60.

255.
: 255 - , password_hash(). 255 , , " ".

, 60 , .

$2a$10$023d3086e8462207a1fecueWH4Ub40MWbQJ7F9hapWU3lYxlg3AAa

60


:

, crypt() password_hash() ( PHP < 5.5) https://github.com/ircmaxell/password_compat/ . .

. Q & A on Stack :

+3
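
An added example (not code from the question or its answers) reproducing the failure identified in the thread: a 60-character bcrypt hash cut to 45 characters by the column can never equal what crypt() recomputes. The helper names classifyStoredHash and verifyLogin and the sample password are assumptions made for illustration; hashing uses password_hash() and password_verify(), which the answer points to.

```php
<?php
// Added example; helper names and the sample password are constructed.
const BCRYPT_LEN = 60; // "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest

/** Classify a stored value: 'ok', 'truncated' (bcrypt prefix, too short) or 'unknown'. */
function classifyStoredHash(string $stored): string
{
    if (preg_match('#^\$2[axy]\$\d{2}\$[./A-Za-z0-9]{53}$#', $stored) === 1) {
        return 'ok';
    }
    if (preg_match('#^\$2[axy]\$\d{2}\$#', $stored) === 1 && strlen($stored) < BCRYPT_LEN) {
        return 'truncated';
    }
    return 'unknown';
}

/** Verify a login, reporting a truncated hash separately from a wrong password. */
function verifyLogin(string $password, string $stored): bool
{
    if (classifyStoredHash($stored) === 'truncated') {
        error_log('stored hash is ' . strlen($stored) . ' chars, expected ' . BCRYPT_LEN);
        return false;
    }
    return password_verify($password, $stored);
}

// Constructed demo: hash a sample password, then cut it the way a 45-char column would.
$hash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
$cut  = substr($hash, 0, 45);

var_dump(strlen($hash), classifyStoredHash($hash), classifyStoredHash($cut));
var_dump(verifyLogin('correct horse', $hash), verifyLogin('correct horse', $cut));

// The question's check: crypt() returns all 60 characters, so it cannot equal
// the 45-character value read back from the column.
var_dump(crypt('correct horse', substr($cut, 0, 29)) === $cut);
```

Running the classifier over existing rows shows which accounts were stored truncated; those hashes cannot be recovered, so the affected passwords have to be reset after the column is widened.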
