I am trying to hash a password and store it in a mySql database. When storing with localhost this was fine, now I have moved to server the hashing method prevents the whole thing from working. If I remove the hashing code it saves just fine but I wish to hash the passwords. Seems strange as the same code works fine locally and the web based code connects to Sql fine. I have tried various different ways to hash, as soon as I try any all I get is
"2013-10-15 22:37:07.915 UsernameAndPasswordwithphp[20249:a0b] Response from server = "
rather than
"2013-10-15 22:54:53.750 UsernameAndPasswordwithphp[21323:a0b] Response from server = Connection established Database selected"
I am running php 5.5.3
many thanks in advance!
here is my code
<?php
//session_start()
$host = "";
$user = "";
$pass = "";
$db = "";
$r = mysql_connect($host, $user, $pass);
if (!$r) {
echo "Could not connect to server\n";
trigger_error(mysql_error(), E_USER_ERROR);
} else {
echo "Connection established\n";
}
$r2 = mysql_select_db($db);
if (!$r2) {
echo "Cannot select database\n";
trigger_error(mysql_error(), E_USER_ERROR);
} else {
echo "Database selected\n";
}
$usernameFromApp = $_GET["f1"];
$nameFromApp = $_GET["f2"];
$passwordFromApp = $_GET["f3"];
$timeTarget = 0.2;
$cost = 9;
do {
$cost++;
$start = microtime(true);
password_hash($passwordFromApp, PASSWORD_BCRYPT, ["cost" => $cost]);
$end = microtime(true);
} while (($end - $start) < $timeTarget);
$hash = password_hash($passwordFromApp, PASSWORD_BCRYPT, ["cost" => $cost]);
echo "Appropriate Cost Found: " . $cost . "\n";
echo $hash."\n";
$name = $_GET["f2"];
$username = $_GET["f1"];
$password = $hash;
//$password = $_GET["f3"];
$query = "INSERT INTO user VALUES ('', '$name','$username','$password')";
mysql_query($query) or die (mysql_error("error"));
mysql_close();
?>
Are you sure that you have PHP 5.5 on your server as well? Have you double checked this with phpinfo()?
If so, remove the while loop in your code first. This is from the manual and I know the code, but it's meant to bench how much cost your server can handle in a specific time window. You don't need this in production. Bench it once and set the cost (or simply stick to the default which is good enough).
Check your database credentials, create a new file and debug only the database connection first. It seems like that this is the problem you are facing. Make sure to set error_reporting(-1) and ini_set("display_errors", true), that should ensure that you get a response from your script if something goes wrong.
Also note that mysql is deprecated since PHP 5.5 and you should definitely not use it anymore, use mysqli or PDO.
Validate any and all user input, never trust anything!
Use prepared statements for your SQL (supported by mysqli and PDO).