Welcome Guest, Not a member yet? Register   Sign In
tank_auth and phpass: password seems to be hashed incorrectly, login impossible

hey there,

i'm using tank_auth, an authentication library. it worked well on my local machine but since i've uploaded it to my server logging in has been impossible. i did some digging in the Tank_auth.php library and found out that the problem occurs when the script tries to compare the submitted password to the hash string that is stored in the database.

tank_auth uses phpass to encode the hashes. i found out that the hash that phpass generates from the submitted password is always "*0" for some reason. i don't understand why. this is why it never matches the password in the database.

here's how Tank_auth calls the phpass method to compare the password hashes:

                if ($hasher->CheckPassword($password, $user->password)) {        // password ok...

could the problem the the arguments passed to the PasswordHash class? or what else could be the problem here?

you can find the phpass code on the website linked above, it's too big to be posted here.

thanks for your help!

any ideas? (sorry for the push)

Looking at the phpass code, *0 is a value explicitely set, and for whatever reason the hash isn't being properly created.

I would guess that the encryption method being used isn't available on your server.

Thank you, noctrum.

Do you have any idea what I have to change in order to get it to work?
The Phpass code is a bit too complicated for me to understand what encryption method is used and how I can change it.

Did you run the test file included with tankauth? Have you tried creating a new user on the remote server, rather than trying to login with a user created on your local machine?

Hi all,

I have the same problem with lolmann here.
I try to use hashed-generated password from my local machine to the production server.
And it failed to login.

After I create a new user (with also a new hashed password) in the prod-server, finally i manage to login.

I tried to do a little comparation between the hashed password from local-machine and the production-server for the same user/password.
And its totally different! :bug:
(which also make me confused because they're also different in length)

In my opinion, looks like the hashing process depends on the server (FYI, i haven't seen the code inside phpass lib; and i don't think i'll needed for now Tongue )

Thanks noctrum for suggesting create a new user in the remote/production server.
At least it solved my problem for now.

While I have to think another way how to give a 'default user/password' when I have to deploy from local to production server :red:

Theme © iAndrew 2016 - Forum software by © MyBB