Leke

Reputation: 883

How to use bcrypt with PHP for password authentication?

I tried the top solution post from "How do you use bcrypt for hashing passwords in PHP?" but can't seem to get an example working. I copied the Bcrypt class and added the following code at the bottom of it.

$bcrypt = new Bcrypt(15);

// pw on server. Used $pwHash = $bcrypt->hash($formPassword); to get the hash from 'qwerty'.
$serverPw = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu'; 

// user enters plain text pw...
$passAttempt = 'qwerty';

// attempt to check the attempted password against the server hashed password.
$pwVerify = $bcrypt->verify($serverPw, $passAttempt); 

if ( $pwVerify == 1 ) {echo "$pwVerify = true";} else {echo "$pwVerify = not true";}
// I also tried if ($pwVerify) and if ($bcrypt->verify($serverPw, $passAttempt))
// Output is "= not true"

What is wrong here?

Upvotes: 0

Views: 2670

Answers (1)

Ugo Méda

Reputation: 1215

You must store the password AND the salt used when you BCrypt, or you'll never get the same string. This class seems pretty broken to me; don't use it. See this example and the documentation to directly use PHP's crypt function.

Edit: You probably should use PHPPass, seems like a well tested and referenced library.

Upvotes: 2
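
As an added example (not code from the question, the answer, or the Bcrypt class they discuss): a bcrypt string produced by PHP carries its variant, cost and salt in front of the digest, and verification re-hashes the attempt using that stored string. The sketch below parses the hash quoted in the question and checks a constructed password with PHP's built-in `password_hash`/`password_verify` and with `crypt()` directly. It assumes PHP 7.1 or later; `parseBcrypt` and `verifyManually` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.1.

// A bcrypt string is self-describing: "$2y$" + two-digit cost + "$" +
// 22-char salt + 31-char digest (60 chars total), so the salt is stored
// as part of the hash string itself.
function parseBcrypt(string $hash): ?array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// What verification does internally: re-hash the attempt with the stored
// string as crypt()'s salt argument, then compare in constant time.
function verifyManually(string $attempt, string $storedHash): bool
{
    $recomputed = crypt($attempt, $storedHash);
    return is_string($recomputed) && hash_equals($storedHash, $recomputed);
}

// The hash string quoted in the question, parsed only (not verified here).
$fromQuestion = '$2a$15$Ty6hIEEWFpUFHoKujvdmw.9kmyrwYip2s8TLdjDfNoVJuQx/TGgwu';
print_r(parseBcrypt($fromQuestion));

// Constructed sample: hash at cost 10 so the demo runs quickly.
$password = 'qwerty';
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

var_dump(password_verify($password, $stored)); // correct password
var_dump(verifyManually($password, $stored));  // same check via crypt()
var_dump(password_verify('wrong', $stored));   // wrong password
var_dump(password_verify($stored, $password)); // arguments swapped

// Raising the cost later: rehash after a successful login.
if (password_verify($password, $stored)
    && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])) {
    $stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}
var_dump(parseBcrypt($stored)['cost']);
```

The first two checks succeed; the wrong-password call and the call with the arguments swapped both return false.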
