Install 2.3 | blowfish, ZendServer, Exception 'Unable to generate password hash'

[stefan]

Hello community,

iam using Zend Server (PHP-Version fast-cgi 5.3.8-ZS5.5.0). A fresh install of 2.3 results in an Exception shown below.

The solution for me was tweaking the Password::supportsBlowfish (just return "false"). After the installation i removed the tweak and all is working as expected. Same procedure with a xampp stack (PHP as module 5.3.8) running through without complications.

Error: Uncaught exception 'WireException' with message 'Unable to generate password hash' in E:\htdocs\apps\cms\pwtest\wire\core\Password.php:270
 Stack trace:
 #0 E:\htdocs\apps\cms\pwtest\wire\core\Password.php(106): Password->hash('stefan')
 #1 [internal function]: Password->___setPass('stefan')
 #2 E:\htdocs\apps\cms\pwtest\wire\core\Wire.php(271): call_user_func_array(Array, Array)
 #3 E:\htdocs\apps\cms\pwtest\wire\core\Wire.php(229): Wire->runHooks('setPass', Array)
 #4 E:\htdocs\apps\cms\pwtest\wire\core\Password.php(73): Wire->__call('setPass', Array)
 #5 E:\htdocs\apps\cms\pwtest\wire\core\Password.php(73): Password->setPass('stefan')
 #6 E:\htdocs\apps\cms\pwtest\wire\modules\Fieldtype\FieldtypePassword.module(72): Password->__set('pass', 'stefan')
 #7 E:\htdocs\apps\cms\pwtest\wire\core\Page.php(462): FieldtypePassword->sanitizeValue(Object(User), Object(Field), 'stefan')
 #8 E:\htdocs\apps\cms\pwtest\wire\core\Page.php(379): Page->setFieldValue('pass', 'stefan', true)
 #9 E:\htdocs\apps\cms\pwtest\wire\core\Page.p (line 270 of E:\htdocs\apps\cms\pwtest\wire\core\Password.php) 

This error message was shown because /install.php still exists. Error has been logged.

This line tells something, but i am not sure what

hash('blowfish','mystring',false);

says:

xampp (php as module): "Unknown hashing algorithm: blowfish" 

zendServer: "false"

maybe this can be a help for others with the same environment.

adios, Stefan

[ryan]

Thanks for the report. Where did you find this line?

hash('blowfish','mystring',false);

That line does not appear in ProcessWire (as far as I know). The PHP error you got is correct, because "blowfish" is not a valid hashtype for the hash() function. Blowfish hashes are generated by PHP's crypt() function. It should not be possible for ProcessWire to call the hash() function with "blowfish" because here is the code (shortened):

if(!$hashType) {
  // (ancient backwards compatibility)
  $hash = md5($pass);

} else if($hashType == 'blowfish') {
  if(!$this->supportsBlowfish()) {
    throw new WireException("This version of PHP is not compatible with the passwords.");
  }
  // our preferred method: blowfish
  $hash = crypt($pass, $salt);
	
} else {
  // older style (sha1), when no blowfish support
  $hash = hash($hashType, $pass, false);
}

The mystery is how your hash() function was called with "blowfish", when it shouldn't be possible with the above if() statement. Let me know if I'm misunderstanding. Overall though, it sounds like your PHP is reporting that it does support blowfish, but then failing when we ask it to generate a blowfish hash. I'm wondering if there is some PHP bug related to this in 5.3.8. If so, I could have it detect when it's got the buggy PHP version and fall back to non-blowfish.