This is quite strange. Everything has been working fine on the shared server, but the passwords given when users register are hashed completely differently. For example, this is roughly how all hashed passwords look in phpMyAdmin on the shared server:
$P$BFLZVVoJlzQpwA3STCCmcXy.s/bRQa0
And this is how they are created on the dedicated server:
$2a$08$Kdk3Zg11Va0LvAWTDacLYeqgKbojUY2Tuqtg4QXuhx/
It's longer and it looks different. I checked it many times. The same files are uploaded on both servers. The result of this problem is that after registration the users cannot log in, as if they had mistyped their passwords.
At registration this is how the hashing is done:
$hasher = new PasswordHash(8, false);
$hash = $hasher->HashPassword($form_password1);
Where $form_password1 is the password given by the user.
I am using this class for hashing and checking passwords:
class PasswordHash {
var $itoa64;
var $iteration_count_log2;
var $portable_hashes;
var $random_state;
function PasswordHash($iteration_count_log2, $portable_hashes)
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
$iteration_count_log2 = 8;
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
$this->random_state = microtime();
if (function_exists('getmypid'))
$this->random_state .= getmypid();
}
function get_random_bytes($count)
{
$output = '';
if (is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
return $output;
}
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) == $output)
$output = '*1';
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id != '$P$' && $id != '$H$')
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
return $output;
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
function gensalt_extended($input)
{
$count_log2 = min($this->iteration_count_log2 + 8, 24);
# This should be odd to not reveal weak DES keys, and the
# maximum valid value is (2**24 - 1) which is odd anyway.
$count = (1 << $count_log2) - 1;
$output = '_';
$output .= $this->itoa64[$count & 0x3f];
$output .= $this->itoa64[($count >> 6) & 0x3f];
$output .= $this->itoa64[($count >> 12) & 0x3f];
$output .= $this->itoa64[($count >> 18) & 0x3f];
$output .= $this->encode64($input, 3);
return $output;
}
function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
function HashPassword($password)
{
$random = '';
if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) == 60)
return $hash;
}
if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
if (strlen($random) < 3)
$random = $this->get_random_bytes(3);
$hash =
crypt($password, $this->gensalt_extended($random));
if (strlen($hash) == 20)
return $hash;
}
if (strlen($random) < 6)
$random = $this->get_random_bytes(6);
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) == 34)
return $hash;
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for generating new
# hashes and for validating passwords against existing hashes.
return '*';
}
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == '*')
$hash = crypt($password, $stored_hash);
return $hash == $stored_hash;
}
}
This is how the validation goes when the user tries to sign in:
$number_of_rows=checkpass();
and if $number_of_rows==1, the user is signed in.
function checkpass()
{
global $username, $password, $database, $host;
try {
$conn = new PDO("mysql:host=$host;dbname=$database", $username, $password, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
// Log instead of echo: any output sent before header() makes the redirect fail
// ("headers already sent"), and the PDO message can contain the DB credentials.
error_log('DB connect failed: ' . $e->getMessage()); //Oops, something went wrong page
$goto = "error";
$server_dir = $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/';
header('Location: http://' . $server_dir . $goto);
exit();
}
//LOGIN WITH HASH
$hasher = new PasswordHash(8, false);
// crypt() never returns a hash equal to "*", so an unknown user fails closed.
$stored_hash="*";
$confirmed = '';
$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
// Debugging output: it prints the plaintext password and the stored hash into
// the page, so remove these lines before the form goes live.
echo 'username: ' . htmlspecialchars($user) . '<br>'; //myname
echo 'password: ' . htmlspecialchars($pass) . '<br>'; //mypass
if ($user == '' || $pass == '') {
echo 'Wrong username or password!';
return 0;
}
try {
$stmt = $conn->prepare("SELECT PASSWORD, CONFIRMED FROM REG_USERS WHERE USERNAME=? LIMIT 1");
$stmt->execute(array($user));
$row = $stmt->fetch(PDO::FETCH_ASSOC); // LIMIT 1: at most one row
if ($row !== false) {
$confirmed = $row['CONFIRMED'];
$stored_hash = $row['PASSWORD'];
}
// Compare strlen($stored_hash) here with the 60 characters HashPassword()
// requires for a bcrypt ($2a$) hash and the 34 for a portable ($P$) hash.
echo '<br>stored_hash1: '.htmlspecialchars($stored_hash).'<br>';
} catch(PDOException $e) {
error_log('Query failed: ' . $e->getMessage()); //Oops, something went wrong page
$goto = "error";
$server_dir = $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/';
header('Location: http://' . $server_dir . $goto);
exit();
}
echo 'user: '.htmlspecialchars($user).'<br>';
echo 'savedpass: '.htmlspecialchars($stored_hash).'<br>';
//exit();
$check = $hasher->CheckPassword($pass, $stored_hash);
if ($confirmed == 'Yes')
{
if ($check) {
echo 'passwords matched! show account dashboard or something';
return 1;
} else {
echo 'passwords didn\'t match, show an error';
return 0;
}
}
else if ($confirmed == 'No')
{
// Note: this answers "unconfirmed" before the password is checked, which tells
// a caller whether the username exists.
return 2;
}
return 0; // no such user, or an unexpected CONFIRMED value: fail closed
}
0 is returned every time. I am at a dead end right now and I have no idea how the hashing can create two different kinds of hashed passwords on two different servers. By the way, if this is common, I am totally fine with different hashes, but why am I not able to sign in with a fresh registration?
Note: since the database was originally copied from one server to the other, I can sign in with the accounts that were created on the shared server. But I cannot log in with those that I create on the dedicated server.
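An added example, not code from the post above, that reproduces the symptom with PHP's built-in bcrypt rather than the phpass class: HashPassword() only returns a blowfish hash when it is exactly 60 characters long, while the dedicated-server value shown in the question ($2a$08$ plus 43 salt-and-hash characters) is 50 characters, and a $P$ portable hash is 34. The script hashes a password, simulates a PASSWORD column that keeps only the first 50 characters (the width is an assumption drawn from that 50-character value), and then verifies the way phpass CheckPassword() does for non-$P$ hashes, by calling crypt() with the stored string as the setting. It assumes PHP 7.0 or later (password_hash, hash_equals, scalar type hints); password_hash emits the $2y$ prefix instead of phpass's $2a$, which does not change the length.

```php
<?php
// Added example: shows why a bcrypt hash cut down to a narrow column can never
// verify, and how to spot the truncation from the stored value alone.

const ASSUMED_COLUMN_WIDTH = 50; // assumption: the DB column keeps 50 chars, like the value in the question

// Simulates MySQL (non-strict mode) silently truncating a VARCHAR on INSERT.
function simulate_column(string $hash, int $width = ASSUMED_COLUMN_WIDTH): string
{
    return substr($hash, 0, $width);
}

// Length every supported hash type must have to be complete, or null if unknown.
function expected_hash_length(string $stored): ?int
{
    if (strncmp($stored, '$2a$', 4) === 0 || strncmp($stored, '$2y$', 4) === 0) {
        return 60; // bcrypt: "$2?$" + 2-digit cost + "$" + 22 salt + 31 hash
    }
    if (strncmp($stored, '$P$', 3) === 0 || strncmp($stored, '$H$', 3) === 0) {
        return 34; // phpass portable: "$P$" + 1 count char + 8 salt + 22 hash
    }
    return null;
}

// Human-readable diagnosis of a value read back from the PASSWORD column.
function diagnose_stored_hash(string $stored): string
{
    $expected = expected_hash_length($stored);
    if ($expected === null) {
        return 'unknown hash format';
    }
    $len = strlen($stored);
    if ($len === $expected) {
        return "complete ($len chars)";
    }
    return "truncated: $len of $expected chars";
}

// Same procedure phpass CheckPassword() follows for a $2a$/$2y$ hash: hand the
// stored value to crypt() as the setting and compare the full result with it.
// A truncated stored value still carries the cost and salt, so crypt() rebuilds
// the complete 60-char hash, which can never equal the shorter stored string.
function check_like_phpass(string $password, string $stored): bool
{
    $hash = crypt($password, $stored);
    return hash_equals($stored, $hash);
}

// Constructed sample input.
$password = 'correct horse battery staple';
$full     = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]);
$stored   = simulate_column($full);

printf("fresh:  %s\n        %s\n", $full, diagnose_stored_hash($full));
printf("stored: %s\n        %s\n", $stored, diagnose_stored_hash($stored));
printf("login with fresh hash:  %s\n", check_like_phpass($password, $full) ? 'ok' : 'FAIL');
printf("login with stored hash: %s\n", check_like_phpass($password, $stored) ? 'ok' : 'FAIL');
```

If the diagnosis reports a truncated value, the check to run next is the width of REG_USERS.PASSWORD (for example with SHOW COLUMNS FROM REG_USERS); a column of at least 60 characters (VARCHAR(255) is the usual choice) is needed for bcrypt, and rows that were already truncated cannot be repaired and have to be re-registered. Enabling MySQL strict mode makes the INSERT fail loudly instead of silently shortening the hash.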