
Identical Phpass code returning different results with CheckPassword


I am using Phpass to hash the passwords of my users. The creation and hashing of the password - fine. The checking of the password when logging in - fine.

The checking of the old password when changing it to a new one though - always returns false!

It is basically the same code, but it never returns true, even when the password is correct. I have tried just checking the password outright by typing a password and pasting its hash into the function instead of calling it from the database and the input form, but that still returns false.

Here is the login code which works:

$user = $query->fetch(PDO::FETCH_ASSOC);

$t_hasher = new PasswordHash(8, FALSE);
$check = $t_hasher->CheckPassword($password, $user['password']);

if (!$check) { die("failed"); }
else { /* ... log them in etc. */ }

And here is the change password check, which doesn't work:

$user = $query->fetch(PDO::FETCH_ASSOC);

$t_hasher = new PasswordHash(8, FALSE);
$check = $t_hasher->CheckPassword($oldpass, $user['password']);

if (!$check) { showMessage("Incorrect Password","Your password was not changed.","icon-lock", "warning"); }
else { /* ... change the password etc. */ }

I am at a loss; as far as I can see, there is no conceivable reason why this isn't working.


Solution

  • It turns out I am a massive idiot and forgot to execute the database query for the change password.
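
An added example, not part of the original post: a change-password check that executes the statement before fetching and reports "no row fetched" separately from "wrong password", so a missing query shows up as an error rather than as a failed CheckPassword. It assumes phpass's PasswordHash.php sits next to the script; the function name `changePassword`, the `users` table, its columns and the demo passwords are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes phpass's PasswordHash.php
// is in this directory; table and column names are constructed.
require __DIR__ . '/PasswordHash.php';

function changePassword(PDO $db, PasswordHash $hasher, int $userId,
                        string $oldpass, string $newpass): string
{
    $query = $db->prepare('SELECT password FROM users WHERE id = :id');
    // The step missing in the question: without execute(), fetch() has no row.
    $query->execute([':id' => $userId]);
    $user = $query->fetch(PDO::FETCH_ASSOC);

    // Keep "no row" apart from "wrong password" so a query bug is visible
    // in the logs instead of looking like a failed password check.
    if ($user === false) {
        error_log("changePassword: no row fetched for user id $userId");
        return 'error';
    }
    if (!$hasher->CheckPassword($oldpass, $user['password'])) {
        return 'incorrect';
    }

    $hash = $hasher->HashPassword($newpass);
    // phpass returns '*' when hashing fails; never store that.
    if (strlen($hash) < 20) {
        return 'error';
    }
    $update = $db->prepare('UPDATE users SET password = :hash WHERE id = :id');
    $update->execute([':hash' => $hash, ':id' => $userId]);
    return 'changed';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$hasher = new PasswordHash(8, false);
$insert = $db->prepare('INSERT INTO users (id, password) VALUES (1, :hash)');
$insert->execute([':hash' => $hasher->HashPassword('old-secret')]);

var_dump(changePassword($db, $hasher, 1, 'wrong-guess', 'new-secret'));
var_dump(changePassword($db, $hasher, 1, 'old-secret', 'new-secret'));
var_dump(changePassword($db, $hasher, 2, 'old-secret', 'new-secret'));
```

The user-facing message for the `error` case can stay generic; the distinction matters in the server log, where it points at the query rather than at the hash comparison.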