Home/ Questions/Q 9238687
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T07:49:09+00:00

Using Tuts Plus Hashing Tutorial it is constantly returning false when checking the hash

  • 0

Using Tuts Plus Hashing Tutorial it is constantly returning false when checking the hash value. The password has definitely not been entered incorrectly ‘111111’. I’ve done an IF statement to echo what it returns and it comes out as ‘False’.

The PDO query for Inserting and Selecting the information are both working correctly.

My sign up form:

$pass_hash = PassHash::hash($_POST['pwd']); 

$q = "INSERT INTO Users(password) VALUES (:password);";

$query = $db->prepare($q);

$query->bindParam(":password",$pass_hash);

$results = $query->execute();
$user_id = $db->lastInsertID();

My Log in form:

<?php
require ("include/PassHash.php");  

if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['password'];

$query = $db->prepare('SELECT * FROM Users WHERE email = :email');
$query->bindParam(":email",$email);
$results = $query->execute();

$total = $query->rowCount();
$row = $query->fetch();

// Returns more than 0 rows (Email found) and checks hash.
if($total>0 && PassHash::check_password($row['password'], $_POST['password'])){     
    // Correct credentials.
    $_SESSION['user_id'] = $row['id'];
    $_SESSION['user_email'] = $email;
    session_set_cookie_params(24*60*60);
    ob_start();
    header('Location: /index.php?p=user_account', true);
    exit();
    ob_end_flush();
} else {
    // Incorrect password / email.
}
}
?>

PassHash.php

<?php
class PassHash {
// blowfish
private static $algo = '$2a';
// cost parameter
private static $cost = '$10';
// mainly for internal use
public static function unique_salt() {
    return substr(sha1(mt_rand()),0,22);
}
// this will be used to generate a hash
public static function hash($password) {
    return crypt($password,
        self::$algo .
        self::$cost .
        '$' . self::unique_salt());
}
// this will be used to compare a password against a hash
public static function check_password($hash, $password) {
    $full_salt = substr($hash, 0, 29);
    $new_hash = crypt($password, $full_salt);
    return ($hash == $new_hash);
}
}
?>

I’ve printed the password and email after the form has been submitted and both are showing, so it isn’t an input error.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Increasing the VARCHAR(45) to VARCHAR(255) for the password field resolved the problem.

    • 0