RevCMS Password Hashing

[Blasteh]

Hello,
I'm resetting my hotel and I want to encrypt passwords differently. I want to use a more secure one, such as bcrypt.

By default, rev uses md5.

PHP Code:

    final public function hashed($password)
    {
        return md5($password);
    } 


I want to use a more secure method, such as bcrypt, how would I go about doing this?

[MentaL]

[Blasteh]

anyone?

[Aamiainen]

just google it?

[Matata]

According to PHP: password_hash - Manual

PHP Code:

string password_hash ( string $password , integer $algo [, array $options ] ) 


So, to use bcrypt, you would replace your function with this:

PHP Code:

    final public function hashed($password)
    {
        return password_hash($password, PASSWORD_BCRYPT);
    } 


[Blasteh]

According to PHP: password_hash - Manual

PHP Code:

string password_hash ( string $password , integer $algo [, array $options ] ) 


So, to use bcrypt, you would replace your function with this:

PHP Code:

    final public function hashed($password)
    {
        return password_hash($password, PASSWORD_BCRYPT);
    } 


I know that, but; its the login that is the issue. It's not verifying the password in bCrypt form.

- - - Updated - - -

just google it?

You think I didn't google it already? That was a fucking pointless reply.

[Keiz]

Salted SHA256?

[Aamiainen]

Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.

Meaning that your problem lies elsewhere. Actually i'm pretty sure your hash column in users table isn't long enough, generated hash. So i'd suggest you try increasing length of hash column.