How can I retrieve a user's passcheck?

Question

I am trying to implement Bcrypt as a password hashing algorithm. But it seem stuck here, that I can't retrieve a user's passcheck on login. I already overrode qa_db_calc_passcheck function so it will return a Bcrypt hashing.

if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {

// Do something here...

} 

I am overrode with the following if 

if  (password_verify($inpassword, $userinfo['passcheck'])) {    

// Do something here...

}

And it didn't work. So how can I retrieve a user's passcheck? The $userinfo['passcheck'] variable seem not working.

Answer 1

Did you change the MySQL column definition for passcheck? In Q2A 1.7 it's 20 characters long but the bcrypt hash is longer (64 characters). So probably you're storing the longer version but it's getting cut off.

By the way, we've already updated the password system for the next version (1.8) to use bcrypt, so you don't really need to do that yourself.

Comments

Thank you  Scott. I always waiting for a version that support Bcrypt.
If that is only the problem then I changed the column definition to 255 characters even but it still not work, the problem may be somewhere else. I will check by myself then.