1

I'm hashing the passwords upon account creation, and that it working (with the password set to VARCHAR(60)) but when I try to do this:

    $query = $this->CI->db->query("SELECT * FROM users WHERE email = ?", $email);

    if ($query->num_rows() > 0) {
        $user_pass = $query->row()->password;

        $hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);

        if ($hasher->CheckPassword($user_pass, $pass)) {
            return true;
        } else {
            return false;
        }
    } else {
        return false;
    }

it always returns false. Any ideas as to why this might be? (the password I'm providing is correct)

Sneaksta
  • 1,041
  • 4
  • 24
  • 46
  • Do you actually get anything from the DB? "SELECT * FROM users WHERE email = ?" Where email is equal to questionmark? Is that what you want it to be? Shoudln´t it be: $query = $this->CI->db->query("SELECT * FROM users WHERE email = '$email'); – Juw Aug 23 '12 at 08:18
  • I'm using CodeIgniter's Query Bindings (http://codeigniter.com/user_guide/database/queries.html bottom of the page) – Sneaksta Aug 23 '12 at 09:00
  • Where do you define `$email`and `$pass`? – Mudshark Aug 23 '12 at 09:11
  • I define them before, sorry I didn't include all of my code. The variables input into the CheckPassword function are both working, I have tested them numerous times. I don't know what is going wrong... – Sneaksta Aug 23 '12 at 10:12

1 Answers1

1

I think you have inverted the check password field. It has to be like this: 

$hasher->CheckPassword(password which has to be checked, password from database).

This makes a difference because Check Password is going to hash the password which is to be checked.

stealthyninja
  • 10,343
  • 11
  • 51
  • 59
Ankur Agarwal
  • 31
  • 2