Login

***jreklund*** · 04-09-2018, 12:50 PM

Which one of the code examples do you have a problem with? I made a coding error in the last post, so I have fixed it.

password_hash always generate a unique hash, but will match with password_verify.
You need to put the password ($_POST) from the user directly inside password_verify. And you need to retrieve the password from the database to be used inside password_verify. You can't match a password with SQL.

PHP Code:
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
} 

All of these will validate against the word 'password'.

Code:
$2y$10$QIuNcD/a//Z.6D0iDzJe9eeN5BtjOfgqwdqKRLB8t15AFVbl9POOu

$2y$10$oWPQL.4mg0XK/9EFjYBATO6hb4edzIfUrAA3Zirqu4tv96kGHvvt2

$2y$10$zkwuzkFJbii42QZjVpfUw.sKqZVAsXfCExW2liMlvb3guB.JsUxTu

$2y$10$GeTvYtMFLq4mB3eaIlz8Pev/pcLqHD1RLoCuy/3r4I0beBzKNT0hG

$2y$10$LOKzF8Ox8yUS9PcDLF3s1OLCzPiM0419znNugPslj8V/yqx1m.NcS

$2y$10$1ofeXPiqPnajZ15fNQLTY.kt66uTemd78z8cp1rMUEHCG7BxK3ecK

$2y$10$ZM0XTjOHkqGFroILJvs1TeKG39P5furPkB.7S940YoTfAsUwPq0sq

$2y$10$cIpKaqhunEE/2oGtowK32O74snnTxXw0AtAlkr0sDJfB20.VI.Ftu

$2y$10$cNjQaFfRKHeC/2q4P9cLouSsWjHEA5NxAy9W8N65r0A9ATKBmcHhe

$2y$10$709VYoupwK/vX2yhOvD/leTzfSYgJrFcXPgkE1bhYTD5RozrmpsrW