I add a new user to the database and hash the user's password using phpass. At this point I face a weird problem.
If I create/hash the password '123' on http://localhost/add.php and check the password using phpass's CheckPassword method on the same page, it says that the password is good. But if I check the previously created password hash, created on http://localhost/add.php, on http://localhost/login.php, it says the password is invalid. What is this?
My phpass 3.0 (downloaded from http://www.openwall.com/phpass/) settings are:
Iteration Count = 8
Portable Hashes = FALSE
I also tried it with Portable Hashes = TRUE but got the same results. So how on earth will anybody be able to match a password if they face this situation?
Here is how I did it all:
1. HashPassword to hash the incoming user password from POST, and saved it to the database.
2. CheckPassword with two parameters: 1st the unhashed user password and 2nd the hashed password saved in the database against the user name, just as phpass shows in the test.php file downloaded from http://www.openwall.com/phpass/

Help me!
Yes, if you stored the password as a hash value at add time, then whenever you need to log in from login.php you will first convert your password value into a hash and then compare it with your stored value, and it will work.
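
The add.php / login.php flow described in the question, as an added example that is not part of the original posts or of phpass itself. It assumes PasswordHash.php from the phpass download sits beside the script; the in-memory SQLite table, the function names and the user name are constructed for illustration. The last lines check that the hash read back from storage is byte-identical to the one HashPassword returned, which must hold for CheckPassword to succeed on a different page.

```php
<?php
// Added example; assumes PasswordHash.php from the phpass download is in this directory.
require 'PasswordHash.php';

// Same settings as in the question: iteration count 8, portable hashes off.
$hasher = new PasswordHash(8, FALSE);

// Constructed stand-in for the real database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, hash TEXT NOT NULL)');

// add.php side: hash once, store the full hash string.
function add_user(PDO $db, PasswordHash $hasher, $name, $password) {
    $hash = $hasher->HashPassword($password);
    // HashPassword returns '*' when hashing fails; never store that.
    if (strlen($hash) < 20) {
        throw new RuntimeException('Failed to hash new password');
    }
    $db->prepare('INSERT INTO users (name, hash) VALUES (?, ?)')
       ->execute([$name, $hash]);
    return $hash;
}

// login.php side: fetch the stored hash and let CheckPassword do the comparison.
// HashPassword picks a fresh random salt on every call, so verification
// goes through CheckPassword with the stored hash as its second argument.
function login(PDO $db, PasswordHash $hasher, $name, $password) {
    $stmt = $db->prepare('SELECT hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    return $hasher->CheckPassword($password, $stored);
}

$written = add_user($db, $hasher, 'alice', '123');
var_dump(login($db, $hasher, 'alice', '123'));   // correct password
var_dump(login($db, $hasher, 'alice', 'wrong')); // wrong password

// Diagnostic: the stored value must come back unchanged and at full length.
$stmt = $db->prepare('SELECT hash FROM users WHERE name = ?');
$stmt->execute(['alice']);
$readBack = $stmt->fetchColumn();
printf("written %d bytes, read back %d bytes, identical: %s\n",
    strlen($written), strlen($readBack), $written === $readBack ? 'yes' : 'no');
```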