
In my functions file I have this code:

function password($password, $dbpassword = false){
    // Verify mode is selected by passing a second argument. That argument is
    // meant to be the stored hash, but it is used here as the NAME of a
    // $_POST / $_GET field, so $password is overwritten with that field's
    // contents (normally nothing).
    if($dbpassword){
        $password = mysqli_real_escape_string($GLOBALS["mysqli"], $_POST["$dbpassword"]);
        if(empty($password))
            $password = mysqli_real_escape_string($GLOBALS["mysqli"], $_GET["$dbpassword"]);
        // Not nested inside the if above (no braces): runs whenever both
        // lookups came back empty.
        if(empty($password))
            return false;
    }
    $hasher = new PasswordHash(8, false);
    // bcrypt only uses the first 72 bytes of the input
    if (strlen($password) > 72)
        return false;
    else{
        if($dbpassword){
            // verify mode: compare the password against the stored hash
            $check = $hasher->CheckPassword($password, $dbpassword);
            if ($check)
                return true;
            else
                return false;
        }else{
            // hash mode: return a new hash for storage
            $hash = $hasher->HashPassword($password);
            // PHPass returns a very short string ("*") when hashing fails
            if (strlen($hash) >= 20)
                return $hash;
            else
                return false;
        }
    }
}

and in another file (with includes to functions and to the PHPASS php file) I have this code:

$pass = password("Vlad");
if(password("Vlad", $pass)){
    echo 11;
}else{
    echo 22;
}

It returns 22. Why is that?

  • Step through your code and debug it. If you don't have a debugger print output next to each decision tree until you find which `return false` is causing the problem – Mike B Dec 27 '13 at 18:50
  • 1
    Why not use built-in PHP `password_hash()` and `password_verify()` functions? You also should probably not be using `$GLOBALS`, as this poor programming practice. If you need your `mysqli` object/connection, you should pass it to the function. – Mike Brant Dec 27 '13 at 18:50

1 Answer


When you call your password function with a second variable that is not NULL, it will return false unless a POST or GET variable is set when you call your page.

The name of that POST or GET variable needs to be the password hash of the password you hashed the first time you used your function, as you are using:

$_POST["$dbpassword"]

or

$_GET["$dbpassword"]

I doubt that the name of the form field in your form is changing constantly, so that would explain why the function always returns false the second time you call it.

jeroen
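The fix the answer points at, written out as an added example (not code from the question, the answer or PHPass): split the function so the stored hash is passed in as an argument and nothing is looked up in `$_POST`/`$_GET` by the hash's value. It uses PHP's built-in `password_hash()`/`password_verify()` as suggested in the comments instead of the PHPass `PasswordHash` class, keeps the 72-byte limit because bcrypt ignores anything past that, and drops the `mysqli_real_escape_string()` call: that function is for SQL string literals, it alters the plaintext before it is hashed, and the value that reaches the database is the hash, which belongs in a prepared-statement parameter. The form-field name `'password'` is an assumption.

```php
<?php
// Added example, not the original question's code. Assumes PHP >= 5.5 for
// password_hash()/password_verify() and a form field named 'password'.
declare(strict_types=1);

// bcrypt uses only the first 72 bytes of the input; reject longer passwords so
// two different long passwords cannot both verify against the same hash.
const MAX_PASSWORD_BYTES = 72;

/**
 * Hash a plaintext password for storage. Returns the hash string, or false if
 * the password is unusable. Nothing here touches the request or the database.
 */
function hashPassword(string $password)
{
    if ($password === '' || strlen($password) > MAX_PASSWORD_BYTES) {
        return false;
    }
    // cost 10 is PHP's default; raise it as your hardware allows
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

/**
 * Verify a plaintext password against a hash read from the user's row.
 * The hash arrives as an argument, never as a $_POST/$_GET key.
 */
function verifyPassword(string $password, string $storedHash): bool
{
    if ($password === '' || strlen($password) > MAX_PASSWORD_BYTES) {
        return false;
    }
    return password_verify($password, $storedHash);
}

/**
 * Read the submitted password by a FIXED field name (assumed: 'password'),
 * checking POST first and then GET as the original function did.
 */
function submittedPassword(string $field = 'password'): ?string
{
    if (isset($_POST[$field]) && $_POST[$field] !== '') {
        return (string) $_POST[$field];
    }
    if (isset($_GET[$field]) && $_GET[$field] !== '') {
        return (string) $_GET[$field];
    }
    return null;
}

// The sequence from the question, with the hash handed back in explicitly.
$hash = hashPassword('Vlad');
echo verifyPassword('Vlad', $hash) ? "11\n" : "22\n";
echo verifyPassword('Vlad ', $hash) ? "11\n" : "22\n";

// Login flow: the hash comes from the user's row (fetch it with a prepared
// statement), the password from the form; $storedHash is a placeholder here.
$submitted = submittedPassword();
if ($submitted !== null && verifyPassword($submitted, $storedHash ?? '')) {
    // authenticated
}
```

With the hash passed directly, the second call in the question verifies the same string it hashed, so the branch taken no longer depends on which form fields happen to be present in the request.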