I have the following class that I have written for a login application using this tutorial:

    class passHash{
        private static $algo='$2y$';
        private static $cost ='12$';

        // 22-character salt taken from the SHA-1 of mt_rand()
        private static function generateSalt(){
            $salt=substr(sha1(mt_rand()),0,22);
            return $salt;
        }

        public static function hashPassword($password){
            $hashpassword=crypt($password,self::$algo.self::$cost.self::generateSalt());
            return $hashpassword;
        }

        public static function checkPassword($hash, $password){
            // first 29 characters of the hash: algorithm, cost and salt
            $fullsalt=substr($hash,0,29);
            $newhash=crypt($password,$fullsalt);
            if ($newhash==$password){
                return true;
            }else{
                return false;
            }
        }
    }

I think the code is self-explanatory, and I saw that there are a lot of questions regarding this login class.
Now the problem that I have encountered is with checking the password. If I do something like:

    $a=passHash::hashPassword('1234');
    $b=passHash::checkPassword($a,'1234');
    var_dump($b);

I get the result of bool(false).
Where is the problem with this code?
EDIT 1: If I modify the checkPassword like this:

    public static function checkPassword($hash, $password){
        // first 29 characters of the hash: algorithm, cost and salt
        $fullsalt=substr($hash,0,29);
        $newhash=crypt($password,$fullsalt).'<br>';
        return $newhash;
    }

and then I do:

    $a=passHash::hashPassword('1234');
    echo 'hashPassword: '.$a.'<br>';
    $b=passHash::checkPassword($a,'1234');
    echo 'checkPassword: '.$b.'<br>';

I get:

    hashPassword:$2y$12$6e29c2bbdacad854b1a63O8aty2a/.MQN0wbdmClnhXMbH3/tfQfG
    checkPassword: $2y$12$6e29c2bbdacad854b1a63O8aty2a/.MQN0wbdmClnhXMbH3/tfQfG

They are identical... so where is the problem?
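
An added example, not part of the original post: bcrypt verification in which the recomputed hash is compared with the stored hash (not with the plain-text password) in constant time, next to PHP's built-in `password_hash()` / `password_verify()`, which generate the salt from the system CSPRNG. The class name `PasswordHasher` and its method names are hypothetical; PHP 7.1 or later is assumed.

```php
<?php
// Added example; class and method names are hypothetical, not from the post.
final class PasswordHasher
{
    // Same work factor as the '12$' cost string in the question.
    private const COST = 12;

    // password_hash() draws the salt from the system CSPRNG and returns the
    // full "$2y$12$<salt><hash>" string, so no hand-built salt is needed.
    public static function hash(string $password): string
    {
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => self::COST]);
    }

    // Preferred check: password_verify() re-hashes with the parameters stored
    // in the hash and compares in constant time.
    public static function verify(string $storedHash, string $password): bool
    {
        return password_verify($password, $storedHash);
    }

    // Manual equivalent built on crypt(), as in the question's class: the
    // stored hash is the setting string, and the result is compared with the
    // STORED HASH using hash_equals() rather than ==.
    public static function verifyWithCrypt(string $storedHash, string $password): bool
    {
        $recomputed = crypt($password, $storedHash);
        // crypt() reports failure with a short marker such as "*0";
        // a valid bcrypt hash is always 60 characters long.
        return strlen($recomputed) === 60 && hash_equals($storedHash, $recomputed);
    }

    // True when a stored hash was created with a different algorithm or cost
    // and should be regenerated after the next successful login.
    public static function needsRehash(string $storedHash): bool
    {
        return password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => self::COST]);
    }
}

// Constructed sample input: the password used in the question.
$stored = PasswordHasher::hash('1234');
var_dump(PasswordHasher::verify($stored, '1234'));
var_dump(PasswordHasher::verifyWithCrypt($stored, '1234'));
var_dump(PasswordHasher::verify($stored, '12345'));
var_dump(PasswordHasher::needsRehash($stored));
```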