I have a register page that allows the user to insert a password, so I need to hash it to be more secure in the database. This works fine,
but when it comes to the login t
If I understand your code correctly, the login-time code is generating a fresh salt, ignoring the one that's stored with the password. Using different salts to hash the same password will generate different hashes.
Either use a constant salt pepper (scroll to the bottom of this answer), as per @c2's answer:
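```php
// 'mysalt' is a placeholder: bcrypt needs a 22-character salt from ./0-9A-Za-z,
// and crypt() returns a short failure string instead of a hash for an invalid one.
function cryptPass($input, $rounds = 9)
{
    return crypt($input, sprintf('$2y$%02d$mysalt$', $rounds));
}

$hash = cryptPass($pass);
```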
Or use the same salt both times:
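```php
// Login time (register-time code is unchanged)
function cryptPass($input, $salt, $rounds = 9)
{
    return crypt($input, sprintf('$2y$%02d$%s$', $rounds, $salt));
}

function checkPass($freshPass, $hashFromDatabase)
{
    // Stored format is $2y$<cost>$<22-char salt><hash>, so element 3 starts with
    // the salt; crypt() reads only its first 22 characters.
    $salt = explode('$', $hashFromDatabase, 5);
    $salt = $salt[3];
    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals($hashFromDatabase, cryptPass($freshPass, $salt));
}
```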
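The salt mismatch described in this answer, next to a login check that reuses the stored salt, as an added example that is not part of the original answer. It uses PHP's built-in `password_hash()` / `password_verify()` (PHP 5.5+), which keep the salt and cost inside the hash string; the function names, the in-memory `$db` array and the sample credentials are assumptions made up for illustration.

```php
<?php
// Added example: hypothetical helper names; an array stands in for the users table.

// Registration: password_hash() generates a random salt and embeds it,
// together with the algorithm and cost, in the returned string.
function registerUser(array &$db, string $user, string $password): void
{
    $db[$user] = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Login: password_verify() reads the salt and cost back out of the stored
// hash, re-hashes the candidate and compares in constant time.
function loginUser(array $db, string $user, string $password): bool
{
    if (!isset($db[$user])) {
        return false;
    }
    return password_verify($password, $db[$user]);
}

// The mistake described above: hashing again at login picks a fresh salt,
// so the result differs from the stored value even for the right password.
function brokenLogin(array $db, string $user, string $password): bool
{
    $fresh = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
    return isset($db[$user]) && hash_equals($db[$user], $fresh);
}

$db = [];
registerUser($db, 'alice', 'correct horse'); // constructed sample data

var_dump(loginUser($db, 'alice', 'correct horse'));   // correct password, stored salt reused
var_dump(loginUser($db, 'alice', 'wrong password'));  // wrong password
var_dump(brokenLogin($db, 'alice', 'correct horse')); // correct password, fresh salt

// Same check with crypt(): passing the stored hash as the salt argument
// makes crypt() reuse its algorithm, cost and salt.
var_dump(hash_equals($db['alice'], crypt('correct horse', $db['alice'])));
```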