phpass-0.3 problems

[eluser]giovannidc[/eluser]
I'm trying to use phpass-0.3 to hash my users' passwords but I've ran into some trouble trying to implement it into Codeigniter.

Here is what I have done:
I extracted the phpass library to "libraries/phpass-0.3"

My model looks like:

Code:

class User_model extends CI_Model {

    function __construct()
    {
        // Call the Model constructor
        parent::__construct();
    }

function register()
    {
  
  // Create a test variable
  $password='mypassword';
  
  // Setup phpass
  $this->load->library('phpass-0.3/PasswordHash.php');
  $hasher = new PasswordHash(8, false);
  
  // Passwords should never be longer than 72 characters to prevent DoS attacks
  if (strlen($password) > 72) { die("Password must be 72 characters or less"); }
  
  // The $hash variable will contain the hash of the password
  $hash = $hasher->HashPassword($password);
  
  // Store the hash somewhere such as a database
  if (strlen($hash) >= 20) {
   echo 'The hashed password of ' .$password . ' is: ' . $hash;
  }
  // Something went wrong with the hashing
  else {
    die("Something went wrong");
  }
    }
}

When I run this code I get four errors:

A PHP Error was encountered

Severity: Warning

Message: Missing argument 1 for PasswordHash:asswordHash(), called in /home/mysite/public_html/client.mysite.com/system/core/Loader.php on line 1099 and defined

Filename: phpass-0.3/PasswordHash.php

Line Number: 33

A PHP Error was encountered

Severity: Warning

Message: Missing argument 2 for PasswordHash:asswordHash(), called in /home/mysite/public_html/client.mysite.com/system/core/Loader.php on line 1099 and defined

Filename: phpass-0.3/PasswordHash.php

Line Number: 33

A PHP Error was encountered

Severity: Notice

Message: Undefined variable: iteration_count_log2

Filename: phpass-0.3/PasswordHash.php

Line Number: 37

A PHP Error was encountered

Severity: Notice

Message: Undefined variable: portable_hashes

Filename: phpass-0.3/PasswordHash.php

Line Number: 41

:question:I also then get my output:

The hashed password of mypassword is: $P$BJzL2yyPw6IeahYqndDsslcnRJFlDS0

So any ideas on how to get rid of the errors would be great

[eluser]giovannidc[/eluser]
I got it working at last. Here is what I did:

In my libraries folder I still have the phpass-0.3 folder that contains PasswordHash.php

I created a new file called Phpass.php and placed it in my libraries folder:

Code:

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

require_once('phpass-0.3/PasswordHash.php');

define('PHPASS_HASH_STRENGTH', 8);
define('PHPASS_HASH_PORTABLE', false);

class Phpass
{

function createhash($raw_password)
{
  // Passwords should never be longer than 72 characters to prevent DoS attacks
  if (strlen($raw_password) > 72) { die("Password must be 72 characters or less"); }
  
  // Hash raw_password using phpass
  $hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);
  $hashed_password = $hasher->HashPassword($raw_password);

  // Return the hashed password
  return $hashed_password;
}

function checkpassword($raw_password,$hashed_password)
{
  //Check if raw_password matches hashed_password when it is hashed using phpass
  $hasher = new PasswordHash(PHPASS_HASH_STRENGTH, PHPASS_HASH_PORTABLE);
  if($hasher->CheckPassword($raw_password, $hashed_password))
   return true;
  else return false;
}
}
?>

My model,user_model.php looks like:

Code:

<?php

class User_model extends CI_Model {

    function __construct()
    {
        // Call the Model constructor
        parent::__construct();
    }

function register()
    {
  
  // Create a test variable
  $password='mypassword';
  
  // Setup phpass
  $this->load->library('phpass');
  $hashed_password = $this->phpass->createhash($password);
  
  if (strlen($hashed_password) >= 20) {
   //Hashing was succussfull so do something like:
   echo '"'.$password.'" succussfully hashed as "'.$hashed_password.'" <br />';
  }
  else {
   //Hasing failed because the hash cannot be less than 20 characters. If it is, something went wrong!
   echo 'Hashing failed!';
  }
  
  // To test if the unhashed password matches the hashed password
  if ($this->phpass->checkpassword($password,$hashed_password))
   echo "The password is a match";
  else
   echo "The password is NOT a match";
    }
}

I don't really understand why this makes a difference, but it worked for me!

[eluser]jellysandwich[/eluser]
The problem is this:

Code:

// Setup phpass
  $this->load->library('phpass-0.3/PasswordHash.php');

When you use $this->load->library, Codeigniter will automatically attempt to instantiate an instance of the object and set it to $this->{library name}.

Unfortunately, it's not smart enough to pass in the two required variables to the constructor, which is why you're getting those errors.

[eluser]Unknown[/eluser]
After doing some home work I decided to rewrite the PasswordHash function by adding the following lines of code to the beginning of the function:

Code:

function PasswordHash($params = array())
{
    
        // Merge default parameter names and values,
        // with given $params array
        $params = array_merge(array(
            'iteration_count_log2'   => 'iteration_count_log2',
            'portable_hashes' => 'portable_hashes'
        ), $params);

        // Create variables from parameter list
        extract($params);
        
        .........


}

Reference Link:
http://stackoverflow.com/questions/91419...odeigniter

Works great for me

Making use of it:

Code:

$this->load->library('passwordhash', array('iteration_count_log2' => 8, 'portable_hashes' => FALSE ));

[eluser]Aken[/eluser]
You could also create a config file with those params in an array that would automatically be included when the library was loaded.

[eluser]brock[/eluser]
i'm kind of at a loss for why the native CI library class for Encryption can't be used 'out of the box' for securely storing passwords for use in login/registration