Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
mmarkym

Password Inset Only Works Live

Recommended Posts

Within the register.php file there's an INSERT statement that inserts a record into the users table of the database. My password is only inserted locally. When I go live and try to register, the pass field in the db is blank. I'm using the library with the password.php in it and have included that above the INSERT statement.

 

mark

Share this post


Link to post
Share on other sites

if ($rows === 0)
{
include('includes/lib/password.php');
$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . password_hash($p, PASSWORD_BCRYPT) . "', '$fn', '$ln', SUBDATE(NOW(), INTERVAL 1 DAY) )";
$r = mysqli_query($conn, $q);
if (mysqli_affected_rows($conn) === 1)
{

Share this post


Link to post
Share on other sites

I'm not sure what you mean by "How many characters does the password_hash function call resolve to" but the pass field in the db is set to VARCHAR (255).

 

mark

Share this post


Link to post
Share on other sites

Are you sure your Live server PHP version supports password_hash()? It ships with PHP 5.0.0, but won't be available in lower versions of PHP. You can check this by adding phpinfo(). If it doesn't exists, you'll need to upgrade PHP or switch hashing function.

 

Edit: You can also check for errors by adding these lines to the top of your script:

ini_set('display_errors', 1);
ini_set('error_reporting', -1);

Share this post


Link to post
Share on other sites

Antonio, I think that password_hash is supported in PHP >= 5.5. (Reference: http://www.php.net/manual/en/function.password-hash.php)

 

However, he seems to be including password.php, which contains the polyfill for the function in older versions of PHP.

 

Anyway, Mark, have you tried echoing both $p and password_hash($p, PASSWORD_BCRYPT) out to the screen?

Do you get what's expected?

 

Also, I would follow Antonio's advice and get the error reporting going.

It'll help.

Share this post


Link to post
Share on other sites

If I echo $p and password_hash($p, PASSWORD_BCRYPT), I get the $p but nothing with password_hash($p, PASSWORD_BCRYPT). I also added phpinfo() and could not find password_hash only md3 and sha1

 

mark

Share this post


Link to post
Share on other sites

I grabbed password.php from the following URL, and then threw it in a folder with the following script, and it seems to work fine:

https://raw.github.com/ircmaxell/password_compat/master/lib/password.php

 

<?php
  include('password.php');
  
  $password = 'You will never crack this!';
  $hash = password_hash($password, PASSWORD_BCRYPT);
  
  echo $password . '<br>' . $hash;

You might want to make sure everything in your script is properly aligned.

Share this post


Link to post
Share on other sites

Mark, what version of PHP is your live server running? And did you follow the instructions in the book for testing support for the password library (on your live server)?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...