[Johnson_boy]

Quote:

Originally Posted by xkirill Downloaded v2.2.3 and updated the files. it continues to say that there is a new version although it say above that it loaded version 2.2.3 Yes with password_verify($input, $hashed_password_from_db);

Did you remember to update bcrypt.inc and recompile the script? It seems to work fine for me

Quote:

Originally Posted by Nealll It's impossible because even if you enter exactly the same caracrtere chain, bcrypt hash of another ways ... Show me a code example ^^

This is the basic idea:

PHP Code:

<?php
$password = 'Hello World!';
$hash = '$2y$12$D62QnfKU1bYMTode2W7UVeMb7maqY.Y7TCdWgQzj44HuOBK47Ej1Wl';
if(password_verify($password, $hash))
{
    // Match
}
else
{
    // No match
}

And something like this might resemble the actual use case:

PHP Code:

<?php
/**
 * Attempt to login using the given username and password. (simple example)
 * @param  string $username The username given by the user
 * @param  string $password The password given give the user
 * @return boolean            True if the login was successful, otherwise false
 */
public function login($username, $password)
{
    $success = false;
    $get_password_q = "SELECT `id`, `password` FROM `users` WHERE `username` = ?";
    if($stmt = $db->prepare($get_password_q))
    {
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($id, $hash);
        if($stmt->num_rows)
        {
            if(password_verify($password, $hash))
            {
                // Correct password
                $success = true;
            }
            else
            {
                // Wrong password
            }
        }
        else
        {
            // The user does not exist
        }
        $stmt->close();
    }
    return $success;
}