Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
This time i am trying to make a last seen on user profiles. I've added a column called lastseen in my phpmyadmin with type "DATETIME". When a user logs out, the lastseen should update to the date and hour it currently is. So i made an SQL in my logout script that updates this value. When i tested it, it was not working as always.. Tried many things but none are helping. I figured out that without my WHERE statement the date just updates as it should, but sadly for all users. So the WHERE statement is required in the SQL. And i added it back after testing without it but it's not working again, wich makes me sure its something with WHERE but i really don't see what.
This is my logout script:
<?php
session_start();
session_unset(); // Well.. One of these two will definitely work!
session_destroy();
// Updating
include('C:\xampp2\htdocs\settings\sh_config.php');
include('./static/index/scripts/session_start.php');
$conn = mysqli_connect($database['host'], $database['user'], $database['password'], $database['db'], $database['port']);
$last_timestamp = date("Y-m-d H:i:s");
$last_user = $_SESSION['username'];
$lastseen_query = mysqli_query($conn, "UPDATE users SET lastseen='$last_timestamp' WHERE username = '$last_user'");
header('Location: /');
$conn->close();
?>
The include of "sh_config.php" is private, but i will tell what it does in this script. Well simple answer: i configured the database connection in that file. So everything with $database is configured correctly in that file.
The script of the "session_start.php":
<?php
include('C:\xampp2\htdocs\settings\sh_config.php');
session_start();
// Initializing variables
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect($database['host'], $database['user'], $database['password'], $database['db'], $database['port']);
// REGISTER USER
if (isset($_POST['reg_user'])) {
// Receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$fname = mysqli_real_escape_string($db, $_POST['fname']);
$lname = mysqli_real_escape_string($db, $_POST['lname']);
$sex = mysqli_real_escape_string ($db, $_POST["sex"]);
$bday = mysqli_real_escape_string($db, $_POST['bday']);
// Form validation: ensure that the form is correctly filled ...
// By adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if (empty($fname)) { array_push($errors, "Firstname is required"); }
if (empty($lname)) { array_push($errors, "Lastname is required"); }
if (empty($sex)) { array_push($errors, "What is your gender?"); }
if (empty($bday)) { array_push($errors, "When is your cakeday?"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// First check the database to make sure
// A user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // If user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "Email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1); // Encrypt the password before saving in the database
$user_ip = $_SERVER['REMOTE_ADDR']; // Getting the IP of the user
$bio = $config['default-bio']; // Setting default biography
$profileimg = $config['default-profileimg']; // Setting default profile image
$timestamp = date('d.m.Y'); // Defining the current date
$query = "INSERT INTO users (username, bio, profileimg, regdate, email, password, firstname, lastname, gender, birthday, ip)
VALUES('$username', '$bio', '$profileimg', '$timestamp', '$email', '$password', '$fname', '$lname', '$sex', '$bday', '$user_ip')";
mysqli_query($db, $query);
session_regenerate_id();
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = TRUE;
$_SESSION['success'] = "You are now logged in";
// Generate user id
$generate_id_query = "SELECT id FROM users WHERE username='$username' ORDER BY id";
$get_id = $db->query($generate_id_query);
$gen_id = $get_id->fetch_assoc();
if ($gen_id['id'] <= 0) { // Checking if the user id is a valid id (not below or equal to 0), and if not, displaying a critical error
array_push($errors, "Something went wrong whilst signing up, please refer to the helpcenter. (SE100)");
}
if ($get_id->num_rows > 0 && $gen_id['id'] > 0) { // Redirecting the user to his or her profile if it is a valid id
header('location: /content/users/profile?id=' . $gen_id['id'] . '');
}
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username or email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE ( username='$username' OR email = '$username' ) AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
session_regenerate_id();
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = TRUE;
$_SESSION['success'] = "You are now logged in";
// Get user id
$get_id_query = "SELECT id FROM users WHERE username='$username' ORDER BY id";
$get_id = $db->query($get_id_query);
$user_id = $get_id->fetch_assoc();
if ($user_id['id'] <= 0) { // Checking if the user id is a valid id (not below or equal to 0), and if not, displaying a critical error
array_push($errors, "Something went wrong whilst logging in, please refer to the helpcenter. (SE100)");
}
if ($get_id->num_rows > 0 && $user_id['id'] > 0) { // Redirecting the user to his or her feed if it is a valid id
header('location: /content/users/profile?id=' . $user_id['id'] . '');
}
}else {
array_push($errors, "Your credentials do not match our records");
}
}
}
?>
Well, as you see, theres alot of info in it. Basically, this manages everything of registering and logging in and redirecting to the unique profile with the user id. I thought this file might come in handy because the id and username are defined in this file. If you look good, you can see that i included this file to my logout script so the defined words should just work, but they don't. Trying to redefine it in the file without the include, doesn't work either. Oh by the way, i use MySQLi.
Help me out please, thanks already.
You have a bug in your code, in that when a user logs in with their email address that address is stored in $_SESSION['username']. In your log out script you assume that that is in fact their username where in reality it might not be. Change your update query to something like this and your problem might be solved:
UPDATE users
SET lastseen='$last_timestamp'
WHERE username = '$last_user'
OR email = '$last_user';
While this might work I would recommend making use of your precious user id. Instead of comparing strings, which are susceptible to various kinds of errors (letters with wrong case, leading/trailing white space, different encoding, etc.), compare your IDs. This not only makes things less error-prone but will also cut down your computation time, especially in the context of database lookups.
$_SESSION['user_id'] = $user_id['id']; // or $gen_id['id'] in the signup code.
$last_user = $_SESSION['user_id'];
$lastseen_query = mysqli_query($conn, "UPDATE users SET lastseen='$last_timestamp' WHERE id = '$last_user'");
To debug issues like this yourself in the future you can utilize a popular, quick-and-dirty way of dumping the contents of a variable: Print/echo the values of $username and $email when you create a user and echo the value of $username that is used in the above script to update the last seen value in the database like this:
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
var_dump($username);
var_dump($email);
$last_user = $_SESSION['username'];
var_dump($last_user);
If the dump of $last_user matches $email you know that the above bug applies and is the reason why your script(s) misbehave. You might also find there is some issue with the string values (maybe an unintended mutation at some point) which causes the comparison in your SQL query to fail.
Related
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 1 year ago.
My code is working perfectly well in my xampp localhost but when I tried to put my files online it did not work. On localhost, it works perfectly but when I tried it on online server, it connected to the database but does not store the user data and allows entry. What do I need to change here? I tried to include echos along the way and found out all functions till registering the user works (empty username, email, or password, not confirmed password, username exists, password exits). So I am not sure why there is a problem registering the user.
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'rohit', 'mynameis111', 'registration');
// REGISTER USER
if (isset($_POST[''])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: basics.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: basics.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Update: Hi, here is the errors.php file i forgot to add.
And I checked my error log this is what it shows
[26-Mar-2021 10:17:32 UTC] PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in /home/z7mselap8dmo/public_html/server.php on line 33
Line 33: $user = mysqli_fetch_assoc($result);
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
enable error reporting.
For that add this code in start of file
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Perform a query, check for error
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
if(!$result){
echo("Error description: " . $result->error);
}
This question already has answers here:
php mysql issue with check if record exist before insert
(4 answers)
Closed 3 years ago.
I'm coding PHP system , and I want it to check if the username is available in register page. I want to avoid two users in database with same username
I tried a lot of things but didn't get it to work.
This is my config.php:
// REGISTER USER
function register(){
// call these variables with the global keyword to make them available in
function
global $db, $errors, $username;
// receive all input values from the form. Call the e() function
// defined below to escape form values
$username = e($_POST['username']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, user_type, password)
VALUES('$username', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "New user successfully created!!";
header('location: dashboard.php');
}else{
$query = "INSERT INTO users (username, user_type, password)
VALUES('$username', 'user', '$password')";
mysqli_query($db, $query);
// get id of the created user
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
$_SESSION['success'] = "You are now logged in";
header('location: dashboard.php');
}
}
}
You should add a new error handle, checking if the username exist in the database.
$query="SELECT COUNT(username) as counter FROM users WHERE username='$username'";
$checkusername=mysqli_query($db, $query);
if($checkusername[0]->counter){
array_push($errors, "The username is already taken");
}
//Here your insert logic
I am creating a simple registration page using IBM Db2 and PHP and all my data is saved in the Db2 database. However, I can't keep the constraint of already existing username. It is registering the user even if the username is already there in Db2. Also, it is logging in with any password entered!
I couldn't understand when the entries are shown in the database it means the data has found the right connection to the database. Then why it is not catching the constraints logic.
I just changed the MySQL functions in Db2 for PHP and there are some functions which are giving me error vibes like db2_exec() and db2_fetch_assoc.
$user_check_query= "SELECT * FROM users WHERE username ='$username'"
$result = db2_exec($db,$user_check_query);
$user = db2_fetch_assoc($result);
if(!empty($user)){ // Not empty mean database already exist this username
array_push($errors,"Username exists");
}
the above raised query is solved in the following code snippet;
if(isset($_POST['signup'])){
$username = ($_POST['username']);
$email = ($_POST['email']);
$password = ($_POST['password']);
$confirm_password = ($_POST['confirm_password']);
//form validation
if(empty($username)) {array_push($errors, "Username is required");}
if(empty($email)) {array_push($errors, "Email is required");}
if(empty($password)) {array_push($errors, "Password is required");}
if($password != $confirm_password) {array_push($errors, "Passwords do not match");}
if(strlen($password)<6){array_push($errors, "Password must be at least 6 characters long");}
if (!preg_match($password_requirements, $password) ) {array_push($errors,"Password must contain at least one upper case , one lower case and one digit" );}
//check db for existing user with same username
$check_username = "SELECT * FROM people WHERE username = '$username'";
$check_email = "SELECT * FROM people WHERE email = '$email'";
$res_username = db2_exec($db, $check_username);
$user_username = db2_fetch_assoc($res_username);
$res_email = db2_exec($db, $check_email);
$user_email = db2_fetch_assoc($res_email);
if(!empty($user_username)){
array_push($errors, "Username already exists!");
}
if(!empty($user_email)){
array_push($errors, "Email already exists!");
}
//register user if no error
elseif (count($errors) == 0) {
//$password = md5($password);
$query = "INSERT INTO people (username, email, password)
VALUES ('$username', '$email', '$password')";
db2_exec($db,$query) or die("couldn't execute query..".db2_stmt_errormsg());
$_SESSION['username']= $username;
$_SESSION['success']= "You are now logged in";
//echo "you are now logged in";
header('Refresh: 0; URL=index.php', true, 301);
}
}
Just add another query to check username and password
$check_username_password= "SELECT * FROM users WHERE username ='$username' AND
password = '$password'";
$result = db2_exec($db,$check_username_password);
$user = db2_fetch_assoc($result);
if(!empty($user)){ // username match with the password
// Set your session here
// Redirect to the page you want
}
else{
// Show your error here
}
Creating a user saves the info into the database, but when I try to sign it just automatically signs in, whether the information was stored in the database or not. Please help.
This is my server.php code i think the issue lies in here but im not sure.
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'dbuser', 'dbpassword', 'dbname');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM loginsystem WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO loginsystem (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: home.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password_1']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: home.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
?>
With my login.php being
<?php include('includes/server.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Clout-Cloud | LOGIN</title>
<link rel="stylesheet" type="text/css" href="css/style3.css">
</head>
<body>
<div class="container">
<section id="content">
<h1>CloutCloud Login</h1>
<div>
<form method="POST" action="login.php">
<div class="input-group">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" required>
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1" required>
</div>
<div class="input-group">
<button type="submit" class="button" name="login_user">Login</button>
</div>
<p>
Lost your password?
Register
</div>
</div>
</div>
</form><!-- form -->
</div>
</section><!-- content -->
</div><!-- container -->
</body>
I dont see where im really going wrong, but there is an issue. Please help me resolve.
Update
I've tried getting results from my dabatase using the code
$password = md5($password);
$query = "INSERT INTO loginsyle (username, password)
VALUES('$username', $password')";
while($row = mysqli_fetch_assoc($result)) {
$username = $row['username'];
$password = $row['password'];
}
}else {
array_push($errors, "Wrong username/password combination");
}
to try and get my results from my query. although i think part of this has fixed part of the issue of just being able to sign in with random info and without registry,but now im getting the errors
Notice: Undefined variable: result in /home/u572108555/public_html/includes/server.php on line 72
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given in /home/u572108555/public_html/includes/server.php on line 72
what could be causing this? am i trying to grab the results from my query the wrong way?
You aren't validating the results of the query.
You should check the number of results returned = 1, less than that (0) = user details dont match. more than that (2+) and you have an issues with overlapping login credentials or a bad query.
I'd also recommend against using MD5 as your encryption
as other have mentioned, you are vulnerable to SQL Injection, use strip slashes and escapes to combat this, like this
$myusername = stripslashes($myusername);
$myusername = mysqli_real_escape_string($myusername);
to find out the number of results you have you can use a function like this
$sql="SELECT * FROM $tbl_name WHERE ID='$myusername' and password= '$password'";
$result=mysqli_query($sql);
// Mysqli_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// user is logged in
}
You don't seem to validate the result of $results = mysqli_query($db, $query). Following is the code indicating what you need to do.
$results = mysqli_query($db, $query);
// Here you have to check the $result and see if you have one record selected.
// However you are not doing that currently.
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
On a side note, the way you are doing this seems to have a multitude of flaws.
One file named server.php has all routines. This will make you end up with one monolithic file, which is far from maintainability.
Your SQL queries are vulnerable to SQL injections. Use prepared statements instead of what you are doing right now.
MD5 is long known to have collisions hence abandoned a long time ago. Even SHA1 is known to be not so secure. Go for something like SHA256 or even better if it is BCrypt or Blowfish.
When you validate login just don't validate the number of records in the result set. Instead, check if it has exactly one record, and the record values are matching.
I'm trying to make a login system (already have registration system complete) with password_hash() and password_verify() but it isn't working for me. I've been trying to find an answer this whole morning and yet can't seem to make it work, I've watched codecourse tutorials, read blog posts and nothing. The tutorial I've been following the most is this one.
<!-- login -->
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
$errors = array();
error_reporting(E_ALL);
ini_set('display_errors', 1);
//Basic validation
if(empty($_POST['username'])){
$errors[] = "Please enter your username";
}else{
$username = $mysqli->real_escape_string($_POST['username']);
}
if(empty($_POST['password'])){
$errors[] = "Please enter your password";
}else{
$password = trim($_POST['password']);
}
if (empty($errors)) {
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $mysqli->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if(password_verify($password, $row['password'])) {
echo 'test';
$_SESSION['user']['user_id'] = $row['user'];
header("Location: google.com");
exit();
}else{
$errors[] = "The username or password do not match";
}
}else{
$errors[] = "The username or password do not match";
}
}
}
?>
<!-- register -->
<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = $_POST['password'];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$confirm_password = mysqli_real_escape_string($conn, $password);
$ip = $_SERVER['REMOTE_ADDR'];
if(empty($username) || empty($password) || empty($confirm_password)) {
$error = "Fill in the missing fields";
} else {
$sql = "INSERT INTO users VALUES('', '$username', '$hashed_password', '$ip', 'User')";
if($conn->query($sql) === TRUE) {
$error = "Your account has been created.";
} else {
$error = "Your account has not been created, please try again later.";
}
}
}
?>
The end result product is supposed to login in successfully and redirect, I'm using PHP 5.6 and running on localhost XAMPP.
You'll never get a match because you're using
$password =mysqli_real_escape_string($conn, $_POST['password']);
to store the password and then not using it on verification. Instead you use
$password = trim($_POST['password']);
Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. The password_hash() function can generate some very lengthy text (the current default is 60 characters), so make sure the field in your database is large enough to accommodate the hash. Setting the field larger now will allow for the length needed. The PHP team is adding more algorithms to the method which means the hash can and will grow.