I'm going crazy here!
I have moved a database and website to a new server.
The code I am using to generate the passoword on signup is:
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
$numChars = strlen($chars);
$salt = '';
for($i = 0; $i < 22; ++$i) {
$salt .= $chars[mt_rand(0, $numChars - 1)];
}
$p_hash = crypt($p, '$2a$12$' . $salt);
This code has not changed since the site went up. Neither has the login script:
$pCheck = crypt($p,$dbPass);
However, since changing servers, the passwords no longer match.
I have used var_dump to check the salt, password and hashed password and the problem seems to be the length of the string crypt() is creating.
The password stored in the database and created using the script above is 60 chars long, whereas running the same script on the new server returns a 13 char long string.
I have been up and down the internet and can find nothing relating to my problem. I read that crypt() does trim the string but couldn't find any more info on it.
Is there a reason that the same script would work differently on 2 different servers?
PHP was version 5.2 on the new server. Upgrade PHP to 5.3.28 and all good now :)
Thanks for the suggestions guys!