verify_password is failing

I moved my mysql table from another machine. I have noticed that on the new machine 

if (!password_verify($current_pass,$db_pass))

is failing. My current_pass is OK. But the $db_pass was hashed on a Windows PC. Do I need to set the "seed" (if that is what it is called) from my old PC to this new PC so that this password_verify will work? How to debug this? Should I hash the $current_pass to see if it is the same as the $db_pass?

proof that an old dog can learn new tricks

You could just delete the $db_pass and create a new one and store it in the database table.

Here is a controller for doing it.

PHP Code:

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * -----------------------------------------------------------------------
 * Editor   : PhpStorm
 * Date     : 1/20/2019
 * Time     : 10:50 AM
 * Authors  : Raymond L King Sr.
 * -----------------------------------------------------------------------
 *
 * Class        Key_generator
 *
 * @project     ci3admin
 * @author      Raymond L King Sr.
 * @link        http://www.procoversfx.com
 * @copyright   Copyright (c) 2009 - 2019 Custom Software Designers, LLC.
 * @license     http://www.procoversfx.com/license
 * -----------------------------------------------------------------------
 */
class Key_generator extends CI_Controller
{
    /**
     * Class properties and methods go here.
     * -------------------------------------------------------------------
     *
     * public, private, protected and static.
     */

    /**
     * @var
     */
    private $password_hash;
    
    private $userName;

    private $password;

    // -------------------------------------------------------------------

    /**
     * __construct ()
     * -------------------------------------------------------------------
     *
     * Class    Constructor
     *
     * NOTE: Not needed if not setting values or extending a Class.
     */
    public function __construct()
    {
        parent::__construct();

        log_message('debug', "Key_generator Controller Class Initialized");
    }

    // -------------------------------------------------------------------

    /**
     * index ()
     * -------------------------------------------------------------------
     *
     */
    public function index()
    {
        //$this->userName = 'Your User Name';
        //$this->password = 'Your Password';

        $this->userName = 'admin';
        $this->password = 'password';

        $this->setPassword($this->password);

        echo $this->password_hash . '<br><br>';

        $result = $this->verifyPassword($this->password_hash);

        echo $result;
    }

    // -------------------------------------------------------------------

    /**
     * setPassword ()
     * -------------------------------------------------------------------
     *
     * Automatically hashes the password when set.
     *
     * @see https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
     *
     * @param string $password
     */
    public function setPassword(string $password)
    {
        $this->password_hash = password_hash(
            base64_encode(
                hash('sha384', $password, true)
            ),
            PASSWORD_DEFAULT,
            ['cost' => 10]
        );
    }


    // -------------------------------------------------------------------

    /**
     * verifyPassword ()
     * -------------------------------------------------------------------
     *
     * @param  string $password
     * @return bool
     */
    public function verifyPassword(string $password)
    {
        // Now, try matching the passwords.
        $result = password_verify(base64_encode(
            hash('sha384', $password, true)
        ), $this->password_hash);

        if (! $result)
        {
            return false;
        }

        /**
         * Check to see if the password needs to be rehashed.
         * This would be due to the hash algorithm or hash
         * cost changing since the last time that a user
         * logged in.
         */
        if (password_needs_rehash($this->password_hash, PASSWORD_DEFAULT))
        {
            $this->password_hash = $this->setPassword($password);

            // save the users record to the database here
        }

        return true;
    }

    // -------------------------------------------------------------------

}   // End of Key_generator Controller Class.


/**
 * -----------------------------------------------------------------------
 * Filename: Key_generator.php
 * Location: ./application/controllers/Key_generator.php
 * -----------------------------------------------------------------------
 */ 


Hope that helps.

You may need to change the hashing to what yours is like.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

You could just delete the $db_pass and create a new one and store it in the database table.

Here is a controller for doing it.

PHP Code:

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * -----------------------------------------------------------------------
 * Editor   : PhpStorm
 * Date     : 1/20/2019
 * Time     : 10:50 AM
 * Authors  : Raymond L King Sr.
 * -----------------------------------------------------------------------
 *
 * Class        Key_generator
 *
 * @project     ci3admin
 * @author      Raymond L King Sr.
 * @link        http://www.procoversfx.com
 * @copyright   Copyright (c) 2009 - 2019 Custom Software Designers, LLC.
 * @license     http://www.procoversfx.com/license
 * -----------------------------------------------------------------------
 */
class Key_generator extends CI_Controller
{
    /**
     * Class properties and methods go here.
     * -------------------------------------------------------------------
     *
     * public, private, protected and static.
     */

    /**
     * @var
     */
    private $password_hash;
    
    private $userName;

    private $password;

    // -------------------------------------------------------------------

    /**
     * __construct ()
     * -------------------------------------------------------------------
     *
     * Class    Constructor
     *
     * NOTE: Not needed if not setting values or extending a Class.
     */
    public function __construct()
    {
        parent::__construct();

        log_message('debug', "Key_generator Controller Class Initialized");
    }

    // -------------------------------------------------------------------

    /**
     * index ()
     * -------------------------------------------------------------------
     *
     */
    public function index()
    {
        //$this->userName = 'Your User Name';
        //$this->password = 'Your Password';

        $this->userName = 'admin';
        $this->password = 'password';

        $this->setPassword($this->password);

        echo $this->password_hash . '<br><br>';

        $result = $this->verifyPassword($this->password_hash);

        echo $result;
    }

    // -------------------------------------------------------------------

    /**
     * setPassword ()
     * -------------------------------------------------------------------
     *
     * Automatically hashes the password when set.
     *
     * @see https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
     *
     * @param string $password
     */
    public function setPassword(string $password)
    {
        $this->password_hash = password_hash(
            base64_encode(
                hash('sha384', $password, true)
            ),
            PASSWORD_DEFAULT,
            ['cost' => 10]
        );
    }


    // -------------------------------------------------------------------

    /**
     * verifyPassword ()
     * -------------------------------------------------------------------
     *
     * @param  string $password
     * @return bool
     */
    public function verifyPassword(string $password)
    {
        // Now, try matching the passwords.
        $result = password_verify(base64_encode(
            hash('sha384', $password, true)
        ), $this->password_hash);

        if (! $result)
        {
            return false;
        }

        /**
         * Check to see if the password needs to be rehashed.
         * This would be due to the hash algorithm or hash
         * cost changing since the last time that a user
         * logged in.
         */
        if (password_needs_rehash($this->password_hash, PASSWORD_DEFAULT))
        {
            $this->password_hash = $this->setPassword($password);

            // save the users record to the database here
        }

        return true;
    }

    // -------------------------------------------------------------------

}   // End of Key_generator Controller Class.


/**
 * -----------------------------------------------------------------------
 * Filename: Key_generator.php
 * Location: ./application/controllers/Key_generator.php
 * -----------------------------------------------------------------------
 */ 


Hope that helps.

You may need to change the hashing to what yours is like.

proof that an old dog can learn new tricks

Thx, I ended up using another userid I have an got past that issue. Thx.

proof that an old dog can learn new tricks