1

After moving to the new server, I'm getting plenty of such notifications:

A PHP Error was encountered

Severity: Notice

Message: Trying to get property of non-object

Filename: account/settings.php

Line Number: 28

account/settings.php view @line 28 content is:

echo $user->description;

Everywhere, the error appear I'm trying to get the info from the $user variable. I guess its related to the tank_auth: I'm passing $user data trough the controller:

$data['user'] = $this->tank_auth->user();
[..]
$this->load->view('account/settings', $data);

... and I'm logged in.

My directories path is exactly the same as on the earlier server.

Where is the problem?

Cyclone
  • 14,839
  • 23
  • 82
  • 114

1 Answers1

4

this is probably because you have the server hash set to non portable..

Lines 13-23 in application/config/tank_auth.php

/*
|--------------------------------------------------------------------------
| Security settings
|
| The library uses PasswordHash library for operating with hashed passwords.
| 'phpass_hash_portable' = Can passwords be dumped and exported to another server. If set to FALSE then you won't be able to use this database on another server.
| 'phpass_hash_strength' = Password hash strength.
|--------------------------------------------------------------------------
*/
## Set this to TRUE
$config['phpass_hash_portable'] = FALSE;
$config['phpass_hash_strength'] = 8;

Lines 203-235 of application/libraries/phpass-0.1/PasswordHash.php

just in case you were curious where this config comes into play, its in the blowfish hash creation:

function HashPassword($password)
{
    $random = '';

    if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
        $random = $this->get_random_bytes(16);
        $hash =
            crypt($password, $this->gensalt_blowfish($random));
        if (strlen($hash) == 60)
            return $hash;
    }

    if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
        if (strlen($random) < 3)
            $random = $this->get_random_bytes(3);
        $hash =
            crypt($password, $this->gensalt_extended($random));
        if (strlen($hash) == 20)
            return $hash;
    }

    if (strlen($random) < 6)
        $random = $this->get_random_bytes(6);
    $hash =
        $this->crypt_private($password,
        $this->gensalt_private($random));
    if (strlen($hash) == 34)
        return $hash;

    # Returning '*' on error is safe here, but would _not_ be safe
    # in a crypt(3)-like function used _both_ for generating new
    # hashes and for validating passwords against existing hashes.
    return '*';
}

If that doesn't fix the problem

try print_r($user); what comes back?

NDBoost
  • 10,184
  • 6
  • 53
  • 73
  • But... how is that working? Is it comparing the tables creating date or their md5 hash? – Cyclone Mar 25 '12 at 23:31
  • I've just set the `$config['phpass_hash_portable']` to `TRUE`, and re-logged my account and it does still not work. – Cyclone Mar 25 '12 at 23:34
  • you have to completely redo the users, the hashes that are used when generating passwords take into account the host information (IE Server hostname, server IP Address, mac address). Believe me, i had 400+ users and i forgot to set that before creating them. – NDBoost Mar 25 '12 at 23:51
  • i updated my answer with an excerpt from the library that shows where this config item comes into play. – NDBoost Mar 25 '12 at 23:55
  • Argh. I didn't know that I have to purge the accounts... Its quite unsafe, but it's my bad I havent look into my config file. I'm lucky that there was only 3 accounts in the database ... – Cyclone Mar 26 '12 at 05:48
  • yeah good deal, i made that mistake.. worst case scenario is regenerate passwords for the users and just send them a welcome email with the user/pass. – NDBoost Mar 26 '12 at 13:10