I just put my project from localhost to my host and using the same (phpass) function I receive different results and the length of the returned string is also different. (and everything works on localhost btw)
So the same function returns false when online. I was wondering what the problem might be.
Here's the result:
Input: 12345
- localhost:$2a$08$t5joFUIbEThylj/IyUVy7.WzMZm8fmKjsy0kZc/YxgqzkbYQWnlre
- host: $P$9QiKVfJzpRzoToBCJg8FeaDIfcAJJ61
EDIT: I switched on the TRUE flag to make password portable but still it doesn't seem to work.
EDIT 2: Doesn't work with php 4 or 5 and I DID switch on the portable mode!!
WARNING: By default the library generates strong system-specific
password hashes that are not portable. It means that once created,
user database cannot be dumped and exported to another server. This
behavior can be changed in config-file as well.
-> Portable (PHPass) password hashes. Should I use them?
If I'm not mistaken, phpass uses the best method available to it. In this case, it would seem that the modules available on the live host are not the same as those on localhost, and thus phpass has to choose a different method. The "$2a$" indicates bcrypt, and the "$P$" indicates phpass' internal hash. I.e., it appears that the live host doesn't have bcrypt available.
I finally found out the problem was not phpass itself, but the scripts were causing an error (mysql real name escape was the problem and ajax was actually hiding it from me) anyways, everything is ok now, thanks.