php - Failing to verify crypt password -


What I am using to verify:

    // username and password sent from the form
    $myusername = filter_var($_POST['myusername'], FILTER_SANITIZE_STRING);
    $mypassword = filter_var($_POST['mypassword'], FILTER_SANITIZE_STRING);

    // bind the username as a parameter instead of interpolating it into the SQL
    $sql = $dbh->prepare("select * from $tblname where userlogin = :userlogin");
    $sql->execute(array(':userlogin' => $myusername));
    $sql = $sql->fetch();

    $password_hash = $sql['userpass'];

    /*** close database connection ***/
    $dbh = null;

    if (crypt($mypassword, $password_hash) == $password_hash) {
        // ... (the rest of the snippet is not shown on the page)
    }

What I am using to create the password:

    $salt = blowfishsalt();
    $mypassword = crypt($mypassword, $salt);

    $stmt = $dbh->prepare('insert into users(userlogin, userpass, useremail, admin) values(:userlogin, :userpass, :useremail, :admin)');
    $stmt->execute(array(
        ':userlogin' => $myusername,
        ':userpass'  => $mypassword,
        ':useremail' => $myemail,
        ':admin'     => $admin
    ));

blowfishsalt()

    function blowfishsalt($cost = 13) {
        // bcrypt accepts cost factors from 04 to 31
        if (!is_numeric($cost) || $cost < 4 || $cost > 31) {
            throw new Exception("cost parameter must be between 4 and 31");
        }
        // collect eight 16-bit values from mt_rand() plus microtime digits
        $rand = array();
        for ($i = 0; $i < 8; $i += 1) {
            $rand[] = pack('s', mt_rand(0, 0xffff));
        }
        $rand[] = substr(microtime(), 2, 6);
        $rand = sha1(implode('', $rand), true);
        // "$2a$" + two-digit cost + "$" + 22 salt characters
        $salt = '$2a$' . sprintf('%02d', $cost) . '$';
        $salt .= strtr(substr(base64_encode($rand), 0, 22), array('+' => '.'));
        return $salt;
    }

I had to remove the {} from the function to format it correctly in Stack Overflow. I am storing the password in a MySQL database as char(128).

You have in the verification code:

crypt($mypassword, $password_hash) 

and in the creation code:

$mypassword = crypt($mypassword, $salt); 

Surely these should both use $mypassword and $salt?
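
An added example (not the poster's or the answerer's code) of the crypt() round trip used in the snippets above, with checks for two conditions that make the comparison fail: a stored value that is not a complete 60-character bcrypt string, and a password whose characters changed before hashing. The salt, the passwords and the function names verify_crypt and diagnose are constructed for illustration.

```php
<?php
// Constructed demo salt: "$2y$", two-digit cost, "$", then 22 characters
// from [./A-Za-z0-9]. Cost 04 keeps the demo fast; it is not a production value.
$salt = '$2y$04$' . 'abcdefghijklmnopqrstuu';

function verify_crypt(string $password, string $stored): bool
{
    // crypt() reads algorithm, cost and salt from the start of $stored,
    // so the stored hash itself is passed as the salt argument.
    $computed = crypt($password, $stored);
    // hash_equals() compares in constant time, unlike == on strings.
    return hash_equals($stored, $computed);
}

function diagnose(string $password, string $stored): string
{
    // A bcrypt string from crypt() is exactly 60 characters long.
    if (strlen($stored) !== 60 || !preg_match('/^\$2[axy]\$\d{2}\$/', $stored)) {
        return 'stored value is not a complete 60-character bcrypt string';
    }
    return verify_crypt($password, $stored)
        ? 'match'
        : 'password differs from the one that was hashed';
}

$password = 'corr"ect<horse';             // constructed sample password
$stored   = crypt($password, $salt);      // what the signup code would store

$cases = array(
    'round trip'                  => array($password, $stored),
    // value cut short by a column narrower than 60 characters (constructed)
    'truncated hash'              => array($password, substr($stored, 0, 50)),
    // value padded with spaces to the column width (constructed)
    'space-padded hash'           => array($password, str_pad($stored, 128)),
    // same hash after trimming the padding
    'padded hash, trimmed'        => array($password, rtrim(str_pad($stored, 128))),
    // password as a sanitizing filter might return it at login (constructed)
    'password altered by filter'  => array('corr&#34;ect', $stored),
);

foreach ($cases as $label => $case) {
    echo str_pad($label, 28), ': ', diagnose($case[0], $case[1]), PHP_EOL;
}

// password_verify() accepts hashes produced by crypt() and does the
// constant-time comparison itself.
echo 'password_verify             : ',
    password_verify($password, $stored) ? 'match' : 'no match', PHP_EOL;
```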

