Password hashes differ in development and live server

[MDanz]

I just installed wamp, so i can test my website offline. Now i get numerous Undefined index or Undefined variable errors, which i know how to fix. Now logging in works online but with wamp it doesn't work. The code isn't wrong. I imported the database online to offline. I've pin pointed what is wrong but don't know how to solve it.

 

here is the code where i test if the login details are correct.

$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
$hashed_password = crypt($password, $Blowfish_Pre . $salt . $Blowfish_End);

//check to see if they match
if ($username==$dbusername&&$hashed_password==$dbpassword){

 

Offline the echoed $hashed_password for the account is

$2pozHhRA6bDM

 

Online the echoed $hashed_password for the account is

$2J7rPSsTYb1Q

 

I've determined crypt is working differently online than it is offline? I am using the same php version both online and offline(php 5.2.17), Why is this and how can i solve it?  I've been stuck on this all day.  My website works perfectly online though.

 

[xyph]

bcrypt isn't portable from what I understand. You're creating machine-specific hashes.

[scootstah]

If you want portable hashes, try something like PHPass.

[MDanz]

bcrypt isn't portable from what I understand. You're creating machine-specific hashes.

 

ok thanks, so i have to have register an account offline on this machine, so i can login with an account offline on this machine?

[scootstah]

Yes.

[xyph]

After testing it out, it turns out it all varies on your PHP version. If you're using 5.3 and above for both ends, bcrypt should give you the same results, because the library has been built into PHP itself.

 

Previous versions may vary, due to different mcrypt libraries being used.

 

bcrypt can be portable, and is not machine-specific. If you're using PHP < 5.3, be careful, and you're probably better off using PHPass with portable hashes turned on (still very secure)