
Hashing password using crypt and Blowfish

I have a register page where the user enters a password, so I hash this password and it is stored hashed in the database.

But when I try to log in, it tells me that the password does not match, and when I echo it, it does not match, as if I wrote a new password.

How do I fix this problem? Can anyone help me?

cryptpass function in the register

function cryptPass($input, $rounds = 9)
{
    $salt = "";
    $saltChars = array_merge(range('A','Z'), range('a','z'), range('0','9'));
    for($i = 0; $i<22; $i++)
    {
        $salt  .=$saltChars[array_rand($saltChars)]; 
    }
    return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
}
$hashedpass = cryptPass($pass1);    

crypt function in login

function cryptPass($input, $rounds = 9)
{
    $salt = "";
    $saltChars = array_merge(range('A','Z'), range('a','z'), range('0','9'));
    for($i = 0; $i<22; $i++)
    {
        $salt  .=$saltChars[array_rand($saltChars)]; 
    }
    return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
}
$hashedpass = cryptPass($pass);   
echo $hashedpass;

Your password salt needs to be the same when it is hashed against the stored password. Usually, a random salt is generated by your code when the user registers/changes his/her password. It is then stored alongside the hashed password in the database in some fashion that you can recognize it. You then use that salt to re-hash the password when it comes time to validate the user's input.
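
The approach described in the answer above, as an added example that is not part of the original thread. With crypt() and Blowfish the cost and salt are embedded at the start of the returned hash, so the stored hash itself can be passed back as the salt argument at login. Assumptions: PHP 7+ (for random_int()); checkPass() and the $users array standing in for the database are hypothetical names.

```php
<?php
// Added example, not code from the original post.

// Registration: generate a random salt ONCE and hash the password with it.
function cryptPass(string $input, int $rounds = 9): string
{
    // bcrypt salts use the 64-character alphabet ./A-Za-z0-9.
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = '';
    for ($i = 0; $i < 22; $i++) {
        // random_int() draws from the OS CSPRNG, unlike array_rand().
        $salt .= $alphabet[random_int(0, 63)];
    }
    // The result has the form $2y$09$<22-char salt><31-char hash>.
    return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
}

// Login: never generate a new salt. Passing the stored hash as the salt
// argument makes crypt() reuse the cost and salt embedded in it.
function checkPass(string $input, string $storedHash): bool
{
    $candidate = crypt($input, $storedHash);
    // hash_equals() compares in constant time; a crypt() failure marker
    // ("*0" or "*1") never equals a valid stored hash.
    return hash_equals($storedHash, $candidate);
}

// Constructed sample data: an array standing in for the users table.
$users = [];
$users['alice'] = cryptPass('correct horse');   // register

// Login with the right password, then with a wrong one.
var_dump(checkPass('correct horse', $users['alice']));
var_dump(checkPass('wrong guess', $users['alice']));

// The login path from the question: hashing again with a fresh random salt
// and comparing that against the stored value.
var_dump(hash_equals($users['alice'], cryptPass('correct horse')));
```

PHP 5.5 and later also ship password_hash() and password_verify(), which handle the salt generation and the comparison shown here.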

The salt you are adding to the password before hashing must be the same every time.

Instead of generating a random salt I would recommend creating an arbitrary constant that you use every time.

$salt = '@#$JASasdjbh&*()';

And, of course, you should change these characters before using them in your own script.
