mmarkym Posted January 14, 2014 Share Posted January 14, 2014 Within the register.php file there's an INSERT statement that inserts a record into the users table of the database. My password is only inserted locally. When I go live and try to register, the pass field in the db is blank. I'm using the library with the password.php in it and have included that above the INSERT statement. mark Link to comment Share on other sites More sharing options...
HartleySan Posted January 14, 2014 Share Posted January 14, 2014 Welcome to the forums, Mark. Could you please provide the relevant code? Thank you. Link to comment Share on other sites More sharing options...
mmarkym Posted January 14, 2014 Author Share Posted January 14, 2014 if ($rows === 0) { include('includes/lib/password.php'); $q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', SUBDATE(NOW(), INTERVAL 1 DAY) )"; $r = mysqli_query($conn, $q); if (mysqli_affected_rows($conn) === 1) { Link to comment Share on other sites More sharing options...
HartleySan Posted January 14, 2014 Share Posted January 14, 2014 How many characters does the password_hash function call resolve to, and what is the password column in the DB set as? Link to comment Share on other sites More sharing options...
mmarkym Posted January 15, 2014 Author Share Posted January 15, 2014 I'm not sure what you mean by "How many characters does the password_hash function call resolve to" but the pass field in the db is set to VARCHAR (255). mark Link to comment Share on other sites More sharing options...
Antonio Conte Posted January 15, 2014 Share Posted January 15, 2014 Are you sure your Live server PHP version supports password_hash()? It ships with PHP 5.0.0, but won't be available in lower versions of PHP. You can check this by adding phpinfo(). If it doesn't exists, you'll need to upgrade PHP or switch hashing function. Edit: You can also check for errors by adding these lines to the top of your script: ini_set('display_errors', 1); ini_set('error_reporting', -1); Link to comment Share on other sites More sharing options...
HartleySan Posted January 15, 2014 Share Posted January 15, 2014 Antonio, I think that password_hash is supported in PHP >= 5.5. (Reference: http://www.php.net/manual/en/function.password-hash.php) However, he seems to be including password.php, which contains the polyfill for the function in older versions of PHP. Anyway, Mark, have you tried echoing both $p and password_hash($p, PASSWORD_BCRYPT) out to the screen? Do you get what's expected? Also, I would follow Antonio's advice and get the error reporting going. It'll help. Link to comment Share on other sites More sharing options...
mmarkym Posted January 15, 2014 Author Share Posted January 15, 2014 If I echo $p and password_hash($p, PASSWORD_BCRYPT), I get the $p but nothing with password_hash($p, PASSWORD_BCRYPT). I also added phpinfo() and could not find password_hash only md3 and sha1 mark Link to comment Share on other sites More sharing options...
HartleySan Posted January 15, 2014 Share Posted January 15, 2014 Does password.php define a function called password_hash? Link to comment Share on other sites More sharing options...
mmarkym Posted January 15, 2014 Author Share Posted January 15, 2014 yes it does. mark Link to comment Share on other sites More sharing options...
HartleySan Posted January 15, 2014 Share Posted January 15, 2014 I grabbed password.php from the following URL, and then threw it in a folder with the following script, and it seems to work fine: https://raw.github.com/ircmaxell/password_compat/master/lib/password.php <?php include('password.php'); $password = 'You will never crack this!'; $hash = password_hash($password, PASSWORD_BCRYPT); echo $password . '<br>' . $hash; You might want to make sure everything in your script is properly aligned. Link to comment Share on other sites More sharing options...
Larry Posted January 17, 2014 Share Posted January 17, 2014 Mark, what version of PHP is your live server running? And did you follow the instructions in the book for testing support for the password library (on your live server)? Link to comment Share on other sites More sharing options...
Recommended Posts