michaelctorres / clients-oriented-ftp

Automatically exported from code.google.com/p/clients-oriented-ftp

The supplied password is incorrect. #435

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. I have installed r514 twice on the remote server (automatic installation).
Admin login   -->   Password incorrect.  No luck.
2. I have installed r514 on the local server.
Admin login  -->   Password works
3. As recommended in Issue 336, I have transferred the full folder from my local server --> remote server.
Admin login   -->  Password incorrect

What is the expected output? What do you see instead?
Login should work       -->  The supplied password is incorrect.

What version of the product are you using? On what operating system?
r514 local server is win 7 64, apache 2.2.22, PHP 5.3.13, MySql 5.5.24
r514 remote server is linux, apache ???, PHP 5.2.17, MySql 5.095

Please provide any additional information below.
Login user and password are identical in database/tbl_users on the local and remote server.

Original issue reported on code.google.com by pmillet...@gmail.com on 24 Jan 2014 at 11:07

GoogleCodeExporter commented 8 years ago
Could you please edit the admin user on the remote server (directly edit the 
database field) and use this as the password?

$2a$08$6qTwTh/9hvMGD.h/iLlQXuu5TMdg0Rn6XSjVLyYgyLnIpjx5BygjW

Then log in with thepassword as the password.

Original comment by i...@subwaydesign.com.ar on 25 Jan 2014 at 2:12

GoogleCodeExporter commented 8 years ago
Enclosed updated.(pix)
Same issue pwd= thepassword
The supplied password is incorrect

Original comment by pmillet...@gmail.com on 25 Jan 2014 at 3:53

GoogleCodeExporter commented 8 years ago
Following up
Apparently check_password is bool(false).
I changed line 89 of index.php

if (!$check_password) {
  to

if (!$check_password==1) {

It works for me.
Please let me know if it solves it for others.

Pierre

Original comment by pmillet...@gmail.com on 25 Jan 2014 at 5:02

GoogleCodeExporter commented 8 years ago
How long is the password field in the database? It should be 60 chars in length.

Original comment by i...@subwaydesign.com.ar on 25 Jan 2014 at 5:05

GoogleCodeExporter commented 8 years ago
Here's another option:
Please change line 28 of index.php 
from
$sysuser_password = mysql_real_escape_string($_POST['login_form_pass']);

to
$sysuser_password = $_POST['login_form_pass'];

Let me know if that works please

Original comment by i...@subwaydesign.com.ar on 25 Jan 2014 at 5:08

GoogleCodeExporter commented 8 years ago
I tried it; it doesn't work.

I am sticking with
if (!$check_password==1) {
Tried twice ..... No problem
because if you do a var_dump($db_pass) it is correct.
It is past midnight for me. Good night.

Original comment by pmillet...@gmail.com on 25 Jan 2014 at 5:24

GoogleCodeExporter commented 8 years ago
6:30am
I thought
if{!check_error ==1} was a bad idea, because any password will work if the boolean is false.
My question is
why
define('HASH_COST_LOG2', 8); in sys.vars.php
should be
define('HASH_COST_LOG2', 9)
I am out until Tuesday.
Good luck

Original comment by pmillet...@gmail.com on 25 Jan 2014 at 12:23

GoogleCodeExporter commented 8 years ago
I apologize for the latest replies, but I knew nothing about phpass.

Last night, I read http://www.openwall.com/articles/PHP-Users-Passwords and
one paragraph attracted my attention, as follows:

"Note that we don't bother producing proper HTML output in *fail()*. For
our sample program, it is simpler to produce plain text output. Let's set
the HTTP header accordingly such that the web browser does not attempt to
parse our script's output as HTML:

header('Content-Type: text/plain');"

I realized that you cannot insert this header in the index page, because
text/plain will apply to the whole page (page rendering with HTML code).

So I added

enctype="multipart/form-data"

to the form

<form action="index.php" method="post" name="login_admin" role="form"
enctype="multipart/form-data">

I asked for a new password
Forgot your password? Set up a new one.

I input the password: thepassword
and guess what? The hash is different from your hash.

##### Begin debug using var_dump
This is the hash from the db: string(34) "$P$Bsa.gqLBb.D7XaKDOVTzlha4Qe7DLr1"
This is the level user from the db: string(1) "9"
This is the input pwd: string(11) "thepassword"

Check if it pass: bool(true)
##### End debug

TRUE

It works!!!!!!!!!!!!!!!!!!!!  PROBLEM SOLVED...........

 When I use your hash

##### Begin debug using var_dump
This is the hash from the db: string(60) "$2a$08$6qTwTh/9hvMGD.h/iLlQXuu5TMdg0Rn6XSjVLyYgyLnIpjx5BygjW"
This is the level user from the db: string(1) "9"
This is the input pwd: string(11) "thepassword"

Check if it pass: bool(false)

##### End debug

FALSE

The supplied password is incorrect.

*Note:*
I tried on my remote server with different passwords, and all the hashes have 34
characters even if I use a password with 50 characters. I will do further
reading. Maybe PHP 5.0? I will try on my computer with different PHP
versions.

Other suggestions from  http://www.openwall.com/articles/PHP-Users-Passwords

function get_post_var($var)
{
    $val = $_POST[$var];
    // Undo the escaping added by magic_quotes_gpc when the server has it enabled
    if (get_magic_quotes_gpc())
        $val = stripslashes($val);
    return $val;
}
In my phpinfo, magic_quotes_gpc is turned off; it might not be the case for
some other servers.

and finally  use mysqli or PDO (my preference).

I hope this has been helpful, and thanks in advance for the credit.

Original comment by pmillet...@gmail.com on 26 Jan 2014 at 7:00

GoogleCodeExporter commented 8 years ago
The solution is to regenerate the password hash in the database.

Make this file hasher.php in the root directory.

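<?php
// Prints the hash of the password hard-coded below.
// The file holds that password in plain text, so remove it from the server after use.
require_once('sys.includes.php');
$enc_password = $hasher->HashPassword("my-password-123");
echo $enc_password;
?>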

NOTE: Change "my-password-123" to what you want, then go to the page 
http://yoursite.com/hasher.php in your browser.

You should see the hash to put in your database's Password field. 

Original comment by I3L1N...@gmail.com on 23 Jun 2014 at 4:39
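
The debug output earlier in the thread shows a 60-character `$2a$` hash failing on the remote server while a 34-character `$P$` hash generated there verifies. The following diagnostic is an added example, not code from clients-oriented-ftp: it classifies a stored hash by prefix and length and reports whether the PHP build it runs on can verify that scheme. The function names `classify_hash` and `server_can_verify` are hypothetical, and it assumes passwords are checked through phpass, which falls back to `crypt()` for non-portable hashes.

```php
<?php
// Added example, not project code. Function names are hypothetical.
// The two sample hashes are the ones quoted in this thread.

// Classify a stored hash: array(scheme, cost_log2, problem or null).
function classify_hash($hash)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $len = strlen($hash);
    if (preg_match('/^\$2[axy]\$(\d\d)\$/', $hash, $m)) {
        // bcrypt is always 60 characters; a shorter value means the column cut it off
        $problem = ($len === 60) ? null : "length $len, expected 60 (truncated column?)";
        return array('bcrypt', (int) $m[1], $problem);
    }
    if (preg_match('/^\$[PH]\$([.\/0-9A-Za-z])/', $hash, $m)) {
        // phpass portable hash: the 4th character encodes log2 of the MD5 rounds
        $problem = ($len === 34) ? null : "length $len, expected 34";
        return array('phpass-portable', strpos($itoa64, $m[1]), $problem);
    }
    return array('unknown', null, 'unrecognised prefix');
}

// Can this PHP build verify a hash of that scheme?
function server_can_verify($scheme)
{
    if ($scheme === 'bcrypt') {
        // crypt() must support Blowfish; otherwise it returns a non-matching value
        return defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1;
    }
    // Portable hashes only need md5(), which every PHP build provides
    return $scheme === 'phpass-portable';
}

$stored = array(
    '$2a$08$6qTwTh/9hvMGD.h/iLlQXuu5TMdg0Rn6XSjVLyYgyLnIpjx5BygjW',
    '$P$Bsa.gqLBb.D7XaKDOVTzlha4Qe7DLr1',
);

printf("PHP %s, CRYPT_BLOWFISH=%d\n", PHP_VERSION, defined('CRYPT_BLOWFISH') ? CRYPT_BLOWFISH : 0);
foreach ($stored as $hash) {
    list($scheme, $cost, $problem) = classify_hash($hash);
    printf("%-16s cost_log2=%-3s verifiable=%-3s %s\n",
        $scheme, $cost, server_can_verify($scheme) ? 'yes' : 'no',
        $problem === null ? 'ok' : $problem);
}
```

A `bcrypt` row reported as not verifiable is consistent with the remote PHP 5.2.17 behaviour described in the thread, where every newly generated hash came out as a 34-character portable one. In that situation a hash copied from another server cannot match, and it has to be regenerated on the server that performs the login check.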