Aaron

Reputation: 434

PHP password_verify always returning false

Hi there, I am trying to hash my passwords with password_hash() in PHP. This part is fine, but comparing the hash returns false no matter what. To log in, I check the user account database and grab the password hash, then compare it to the password typed in. My code looks like this:

$password = $_SERVER["PHP_AUTH_PW"];
$hash = $row["password"];
if (password_verify($password, $hash)) {
    // CREATE SESSION VARIABLES //
}
else {
    header("HTTP/1.1 404 Not Found");
}

As you can see the password that is typed in is brought over in the HTTP header. I didn't think this would mess with the password string as I can compare this directly to the password in the database (without hashing). Any ideas? I have triple checked my version of PHP and I can hash the password so that's not it.

Upvotes: 1

Views: 2535

Answers (1)

Aaron

Reputation: 434

So there is nothing wrong with the password_verify() function. There was an added bit of string in the password_hash() function. I copied and pasted this function from the official documentation:

echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";

The ."\n" bit at the end was not being accounted for at the verify function. This was only here due to the copying and pasting, so once I removed it, it was fine. Hope this helps others in the future.

Upvotes: 2
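The failure described in the answer, reproduced as an added example (not code from the original post): a hash saved with the trailing "\n" from the documentation snippet fails password_verify(), while the value exactly as password_hash() returned it succeeds. `inspect_stored_hash()` is a hypothetical helper written for this example, and the stored values are constructed in place of a database row.

```php
<?php
// Added example. inspect_stored_hash() is a hypothetical helper, not a PHP built-in.
function inspect_stored_hash(string $stored): array
{
    $problems = [];
    $trimmed  = trim($stored);
    if ($trimmed !== $stored) {
        $problems[] = 'surrounding whitespace on the stored hash';
    }
    // algoName is "unknown" when the string is not in a password_hash() format,
    // which is also what a hash cut short by a too-narrow column looks like.
    if (password_get_info($trimmed)['algoName'] === 'unknown') {
        $problems[] = 'not a recognisable password_hash() value';
    }
    return $problems;
}

$password = 'rasmuslerdorf';                    // sample value from the docs snippet
$good     = password_hash($password, PASSWORD_DEFAULT);
$stored   = $good . "\n";                       // constructed: hash saved with the newline

// Compare the hash saved with the newline against the hash saved as returned.
foreach (['stored with "\n"' => $stored, 'stored as returned' => $good] as $label => $hash) {
    printf(
        "%s: verify=%s problems=%s\n",
        $label,
        var_export(password_verify($password, $hash), true),
        json_encode(inspect_stored_hash($hash))
    );
}
```

Store the return value of password_hash() unchanged, and when diagnosing trim only the stored hash, never the password the user typed.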
