I'm using phpass when my users type in a password upon signup and login. It's working when I'm working locally on my Mac.
But when I hash a password when I'm online it's like it's hashing in a wrong way.
I have imported the local db to online db. And the password generated when I was local works perfect when I'm online.
So.. It's like something's going completely wrong when I'm using phpass online.
I'm using it like this:
$hasher = new PasswordHash(8, FALSE);
// HashPassword() is a method of the PasswordHash object
$password = $hasher->HashPassword($_POST["password"]);
This would give me something like:
_zzD.NrhAaUmhr6G8i5E //when I'm local
$2a$08$mt3//cn0tqMmug/.tjKeC.AbZhYyj470EY9zSivZvNOtwk4A //when I'm online
When I'm checking password it's like this:
// CheckPassword() is a method of the PasswordHash object and returns a boolean
$check = $hasher->CheckPassword($_POST["password"], $row["password"]);
//$_POST is ofc. the submitted password
//$row is the password for the user from the db.
//the user is found by the username and then I'm checking the password.
I have absolutely no idea what's wrong. I was hoping someone on SO has had the same problem.
The preferred hashing method supported by phpass is the Blowfish-based bcrypt, with a fallback to BSDI-style extended DES-based hashes and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself.
It is likely that your environments are using different hashing algorithms. You should ensure that both your development and production environments support blowfish encryption.
As a weaker alternative, this article mentions that:
The MD5-based salted and stretched hashing implemented in phpass itself is supported on all systems. phpass provides a way for you to force the use of these "portable" hashes - this is a Boolean parameter to the PasswordHash constructor function.
The second option to the PasswordHash constructor is $portable_hashes, which can force the library to produce (weaker) hashes which are safe to move between machines. Try using
$hasher = new PasswordHash(8, true);
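
A way to confirm which scheme each environment is using, as an added example that is not part of the answer above or of phpass: it probes crypt() on the current host in phpass's order of preference and classifies stored hashes by prefix. The helper names are hypothetical; the `$P$` prefix for portable hashes and the full lengths of 60, 20 and 34 characters are assumptions taken from the usual crypt() output formats, not from this page.

```php
<?php
// Added diagnostic example; these helpers are hypothetical and not part of phpass.

// Prefix => [scheme, full hash length, crypt() setting used to probe this host],
// listed in phpass's order of preference.
function schemes(): array
{
    return [
        '$2a$' => ['bcrypt', 60, '$2a$04$' . str_repeat('.', 22)],
        '_'    => ['BSDI extended DES', 20, '_J9..rasm'],
        '$P$'  => ['phpass portable (MD5-based)', 34, null], // done in PHP by phpass itself
    ];
}

// True if crypt() on this host returns a full-length hash for the scheme.
function runtime_supports(string $prefix): bool
{
    [, $length, $setting] = schemes()[$prefix];
    if ($setting === null) {
        return true; // portable hashes do not depend on crypt()
    }
    $out = (string) crypt('probe', $setting);
    return strlen($out) === $length && strncmp($out, $prefix, strlen($prefix)) === 0;
}

// Classify a stored hash by prefix and report whether this host can check it.
function describe_hash(string $stored): string
{
    foreach (schemes() as $prefix => [$name, $length]) {
        if (strncmp($stored, $prefix, strlen($prefix)) === 0) {
            return sprintf('%s, %d of %d chars, %s here', $name, strlen($stored), $length,
                runtime_supports($prefix) ? 'verifiable' : 'NOT verifiable');
        }
    }
    return 'unknown format';
}

// Scheme a non-portable PasswordHash would pick on this host.
foreach (array_keys(schemes()) as $prefix) {
    if (runtime_supports($prefix)) {
        echo 'New hashes on this host: ', schemes()[$prefix][0], "\n";
        break;
    }
}

// The two values quoted in the question.
foreach (['_zzD.NrhAaUmhr6G8i5E', '$2a$08$mt3//cn0tqMmug/.tjKeC.AbZhYyj470EY9zSivZvNOtwk4A'] as $h) {
    echo $h, ' => ', describe_hash($h), "\n";
}
```

Run it on both the development and the production host; a stored hash reported as not verifiable, or shorter than its scheme's full length, will fail CheckPassword() on that host.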