enveetee Posted January 21, 2015 Share Posted January 21, 2015 <Newbie>My learning curve is almost vertical at the moment</Newbie> Over the last few months I have started migrating my VB application. Development has been on a PHP 5.5.16 system I have signed up to a hosting company which supports PHP 5.4.34 and my system does not work. Much digging and learning I discovered the password_hash function (using PASSWORD_BCRYPT) is causing the issue on the hosted 5.4 system So question is this. I would like to continue with 5.5 but I need to know what features/functions are not in 5.4 (is there a list) and is there a list of workarounds to help me implement 5.5 functionality in a 5.4 install Thanks Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/ Share on other sites More sharing options...
QuickOldCar Posted January 21, 2015 Share Posted January 21, 2015 http://php.net/manual/en/migration55.incompatible.php http://php.net/manual/en/migration55.new-features.php Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/#findComment-1503592 Share on other sites More sharing options...
QuickOldCar Posted January 21, 2015 Share Posted January 21, 2015 You should add to check if the function exists and take different actions if (function_exists('password_hash')) { //use password_hash } else { //use crypt blowfish with a salt http://php.net/manual/en/function.crypt.php } blowfish is only available 5.3+ A function I found on the net function generateHash($password) { if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22); return crypt($password, $salt); } } can also do something like this function salted_pass($value) { if (!$value) { $value = "some-default-value"; } $salt = mcrypt_create_iv(22, MCRYPT_RAND); $salt = base64_encode($salt); $salt = str_replace('+', '.', $salt); return crypt($value, '$2y$10$' . $salt . '$'); } mcrypt_create_iv Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/#findComment-1503593 Share on other sites More sharing options...
mac_gyver Posted January 21, 2015 Share Posted January 21, 2015 there's a set of user written functions that provide the same functionallity as the php5.5 password hash functions - https://github.com/ircmaxell/password_compat Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/#findComment-1503594 Share on other sites More sharing options...
enveetee Posted January 21, 2015 Author Share Posted January 21, 2015 You should add to check if the function exists and take different actions if (function_exists('password_hash')) { //use password_hash } else { //use crypt blowfish with a salt http://php.net/manual/en/function.crypt.php } blowfish is only available 5.3+ A function I found on the net function generateHash($password) { if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22); return crypt($password, $salt); } } can also do something like this function salted_pass($value) { if (!$value) { $value = "some-default-value"; } $salt = mcrypt_create_iv(22, MCRYPT_RAND); $salt = base64_encode($salt); $salt = str_replace('+', '.', $salt); return crypt($value, '$2y$10$' . $salt . '$'); } mcrypt_create_iv Thanks for the reply, which raises another question: If I use a Blowfish replacement (5.4) and PHP is updated to 5.5, will the Blowfish function be compatible with the replacement you suggest? Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/#findComment-1503595 Share on other sites More sharing options...
enveetee Posted January 21, 2015 Author Share Posted January 21, 2015 Thanks for the replies folks, I can't thank you individually (some sort of limit!) Link to comment https://forums.phpfreaks.com/topic/294096-developed-on-5516-deployed-to-5434-issues/#findComment-1503604 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.