mmarkym 0 Posted January 14, 2014 Report Share Posted January 14, 2014 Within the register.php file there's an INSERT statement that inserts a record into the users table of the database. My password is only inserted locally. When I go live and try to register, the pass field in the db is blank. I'm using the library with the password.php in it and have included that above the INSERT statement. mark Quote Link to post Share on other sites
HartleySan 826 Posted January 14, 2014 Report Share Posted January 14, 2014 Welcome to the forums, Mark. Could you please provide the relevant code? Thank you. Quote Link to post Share on other sites
mmarkym 0 Posted January 14, 2014 Author Report Share Posted January 14, 2014 if ($rows === 0) { include('includes/lib/password.php'); $q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', SUBDATE(NOW(), INTERVAL 1 DAY) )"; $r = mysqli_query($conn, $q); if (mysqli_affected_rows($conn) === 1) { Quote Link to post Share on other sites
HartleySan 826 Posted January 14, 2014 Report Share Posted January 14, 2014 How many characters does the password_hash function call resolve to, and what is the password column in the DB set as? Quote Link to post Share on other sites
mmarkym 0 Posted January 15, 2014 Author Report Share Posted January 15, 2014 I'm not sure what you mean by "How many characters does the password_hash function call resolve to" but the pass field in the db is set to VARCHAR (255). mark Quote Link to post Share on other sites
Antonio Conte 426 Posted January 15, 2014 Report Share Posted January 15, 2014 Are you sure your Live server PHP version supports password_hash()? It ships with PHP 5.0.0, but won't be available in lower versions of PHP. You can check this by adding phpinfo(). If it doesn't exists, you'll need to upgrade PHP or switch hashing function. Edit: You can also check for errors by adding these lines to the top of your script: ini_set('display_errors', 1); ini_set('error_reporting', -1); Quote Link to post Share on other sites
HartleySan 826 Posted January 15, 2014 Report Share Posted January 15, 2014 Antonio, I think that password_hash is supported in PHP >= 5.5. (Reference: http://www.php.net/manual/en/function.password-hash.php) However, he seems to be including password.php, which contains the polyfill for the function in older versions of PHP. Anyway, Mark, have you tried echoing both $p and password_hash($p, PASSWORD_BCRYPT) out to the screen? Do you get what's expected? Also, I would follow Antonio's advice and get the error reporting going. It'll help. Quote Link to post Share on other sites
mmarkym 0 Posted January 15, 2014 Author Report Share Posted January 15, 2014 If I echo $p and password_hash($p, PASSWORD_BCRYPT), I get the $p but nothing with password_hash($p, PASSWORD_BCRYPT). I also added phpinfo() and could not find password_hash only md3 and sha1 mark Quote Link to post Share on other sites
HartleySan 826 Posted January 15, 2014 Report Share Posted January 15, 2014 Does password.php define a function called password_hash? Quote Link to post Share on other sites
mmarkym 0 Posted January 15, 2014 Author Report Share Posted January 15, 2014 yes it does. mark Quote Link to post Share on other sites
HartleySan 826 Posted January 15, 2014 Report Share Posted January 15, 2014 I grabbed password.php from the following URL, and then threw it in a folder with the following script, and it seems to work fine: https://raw.github.com/ircmaxell/password_compat/master/lib/password.php <?php include('password.php'); $password = 'You will never crack this!'; $hash = password_hash($password, PASSWORD_BCRYPT); echo $password . '<br>' . $hash; You might want to make sure everything in your script is properly aligned. Quote Link to post Share on other sites
Larry 429 Posted January 17, 2014 Report Share Posted January 17, 2014 Mark, what version of PHP is your live server running? And did you follow the instructions in the book for testing support for the password library (on your live server)? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.