Jump to content
Larry Ullman's Book Forums

Password Inset Only Works Live


Recommended Posts

Within the register.php file there's an INSERT statement that inserts a record into the users table of the database. My password is only inserted locally. When I go live and try to register, the pass field in the db is blank. I'm using the library with the password.php in it and have included that above the INSERT statement.

 

mark

Link to comment
Share on other sites


if ($rows === 0)
{
include('includes/lib/password.php');
$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', SUBDATE(NOW(), INTERVAL 1 DAY) )";
$r = mysqli_query($conn, $q);
if (mysqli_affected_rows($conn) === 1)
{
Link to comment
Share on other sites

Are you sure your Live server PHP version supports password_hash()? It ships with PHP 5.0.0, but won't be available in lower versions of PHP. You can check this by adding phpinfo(). If it doesn't exists, you'll need to upgrade PHP or switch hashing function.

 

Edit: You can also check for errors by adding these lines to the top of your script:

ini_set('display_errors', 1);
ini_set('error_reporting', -1);
Link to comment
Share on other sites

Antonio, I think that password_hash is supported in PHP >= 5.5. (Reference: http://www.php.net/manual/en/function.password-hash.php)

 

However, he seems to be including password.php, which contains the polyfill for the function in older versions of PHP.

 

Anyway, Mark, have you tried echoing both $p and password_hash($p, PASSWORD_BCRYPT) out to the screen?

Do you get what's expected?

 

Also, I would follow Antonio's advice and get the error reporting going.

It'll help.

Link to comment
Share on other sites

I grabbed password.php from the following URL, and then threw it in a folder with the following script, and it seems to work fine:

https://raw.github.com/ircmaxell/password_compat/master/lib/password.php

 

<?php
  include('password.php');
  
  $password = 'You will never crack this!';
  $hash = password_hash($password, PASSWORD_BCRYPT);
  
  echo $password . '<br>' . $hash;

You might want to make sure everything in your script is properly aligned.

Link to comment
Share on other sites

 Share

×
×
  • Create New...