+1 vote
566 views
in Q2A Core by
edited by

I am trying to implement Bcrypt as a password hashing algorithm, but I seem to be stuck here: I can't retrieve a user's passcheck on login. I already overrode the qa_db_calc_passcheck function so it will return a Bcrypt hash.

if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
    // Do something here...
}

I overrode it with the following if:

if (password_verify($inpassword, $userinfo['passcheck'])) {
    // Do something here...
}

And it didn't work. So how can I retrieve a user's passcheck? The $userinfo['passcheck'] variable seems not to be working.

1 Answer

+2 votes
by
selected by
 
Best answer
Did you change the MySQL column definition for passcheck? In Q2A 1.7 it's 20 characters long but the bcrypt hash is longer (64 characters). So probably you're storing the longer version but it's getting cut off.

By the way, we've already updated the password system for the next version (1.8) to use bcrypt, so you don't really need to do that yourself.
by
Thank you, Scott. I have always been waiting for a version that supports Bcrypt.
If that is the only problem, then I even changed the column definition to 255 characters, but it still does not work; the problem may be somewhere else. I will check by myself then.
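
The truncation described in the answer can be reproduced without a database. This is an added example, not part of the original thread or of Q2A's code, and it goes slightly beyond the thread by also showing the 0x00 padding a fixed-length binary column applies. The helpers store_as_binary(), store_as_varbinary() and check_stored_hash() are hypothetical, and the BINARY/VARBINARY column types and non-strict SQL mode are assumptions.

```php
<?php
// Added example: simulates what a column definition does to a stored bcrypt hash.
// No database is used; the two store_* helpers are hypothetical stand-ins for
// MySQL BINARY(n) and VARBINARY(n) storage in non-strict SQL mode (assumption).

function store_as_binary(string $value, int $n): string
{
    // BINARY(n): over-long values are cut to n bytes, short ones right-padded with 0x00
    return str_pad(substr($value, 0, $n), $n, "\0");
}

function store_as_varbinary(string $value, int $n): string
{
    // VARBINARY(n): over-long values are cut to n bytes, short ones stored as-is
    return substr($value, 0, $n);
}

function check_stored_hash(string $password, string $stored): array
{
    // password_get_info() reports algoName "unknown" when the value is not a valid hash
    $info = password_get_info($stored);
    return [
        'length'   => strlen($stored),
        'algo'     => $info['algoName'],
        'verifies' => password_verify($password, $stored),
    ];
}

$password = 'correct horse battery staple';   // constructed sample input
$hash     = password_hash($password, PASSWORD_BCRYPT);

$cases = [
    'original hash'  => $hash,
    'BINARY(20)'     => store_as_binary($hash, 20),
    'BINARY(255)'    => store_as_binary($hash, 255),
    'VARBINARY(255)' => store_as_varbinary($hash, 255),
];

foreach ($cases as $label => $stored) {
    $r = check_stored_hash($password, $stored);
    printf("%-15s length=%3d algo=%-7s verifies=%s\n",
        $label, $r['length'], $r['algo'], $r['verifies'] ? 'yes' : 'no');
}
```

Hashes written while the column was still too short stay truncated after the column is widened, so those passwords have to be set again before password_verify() can succeed.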