Reputation: 135
I have created a password using password_hash like so:
$password = password_hash('password123', PASSWORD_DEFAULT);
This is stored in a MySQL database in a column with varchar(60).
In my login form, I use:
if (password_verify($password, $foundUser->Password)) {
    /* login */
}
where $password is the plaintext input from the login form and $foundUser->Password is the hash that is stored in the database, but the password_verify() function is always returning false.
I have checked my inputs using the following code:
echo "Password: {$password} <br>";
echo "Found password: ".$foundUser->Password."<br>";
which outputs:
Password: password123
Found password: $2y$10$8.ICQHCyCPzS.xygPO4cfuHsHZb6Kuxynn8/uUHOU1.7gY.UhSIXa
so I am reasonably confident I'm typing the right password in and getting the right hash from my database.
I have looked at the links in this question for answers but haven't made it work yet. Does anyone have any ideas why password_verify() is returning false?
Upvotes: 1
Views: 4915
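As an added example (not the poster's code), the script below reproduces the storage and login steps from the question in one runnable file and adds the checks a practitioner runs before blaming password_verify(): whether the value read back from the database carries whitespace or a newline, and whether it is still the full 60-character bcrypt string (PASSWORD_DEFAULT is bcrypt in current PHP releases; that is assumed here). Function names and the constructed failure cases are illustrative.

```php
<?php
// Added example, not the poster's code. It reproduces the storage and login
// steps from the question and adds checks that expose why password_verify()
// returns false for a hash that "looks right" when echoed into HTML: trailing
// whitespace picked up on insert or on output, or a hash shortened by a
// too-narrow column. Assumes PASSWORD_DEFAULT is bcrypt ("$2y$", 60 chars).
declare(strict_types=1);

// Storage step, as in the question.
function makeHash(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Login step, as in the question.
function login(string $plainFromForm, string $storedHash): bool
{
    return password_verify($plainFromForm, $storedHash);
}

// Checks to run on the value read back from the database before suspecting
// password_verify(). Returns a list of human-readable problems (empty = ok).
function diagnoseStoredHash(string $stored): array
{
    $problems = [];
    if ($stored !== trim($stored)) {
        $problems[] = 'leading/trailing whitespace or newline around the hash';
    }
    if (strncmp($stored, '$2y$', 4) !== 0) {
        $problems[] = 'does not start with $2y$ (not a bcrypt hash from password_hash())';
    } elseif (strlen($stored) !== 60) {
        $problems[] = sprintf('bcrypt hash is %d bytes, expected exactly 60 (truncated column?)',
            strlen($stored));
    }
    return $problems;
}

// Show the exact bytes instead of echoing into HTML, where a trailing "\n"
// or "\r" is invisible. This is what a debugging session should look at.
function hexDump(string $s): string
{
    return bin2hex($s);
}

$hash = makeHash('password123');

// Constructed failure cases: the same hash after two common storage accidents.
$withNewline = $hash . "\n";         // e.g. a newline captured on insert
$truncated   = substr($hash, 0, 59); // e.g. stored through a column one char too short

foreach (['intact' => $hash, 'newline' => $withNewline, 'truncated' => $truncated] as $label => $stored) {
    printf("%-9s verify=%s problems=%s\n",
        $label,
        login('password123', $stored) ? 'true' : 'false',
        json_encode(diagnoseStoredHash($stored)));
}

// A wrong password must fail even against an intact hash.
printf("%-9s verify=%s\n", 'wrongpw', login('password124', $hash) ? 'true' : 'false');

// Last bytes of a stored value as hex: look for 0a, 0d or 20 at the end.
printf("tail bytes: %s\n", hexDump(substr($withNewline, -4)));
```

Run it with `php verify-check.php`. Only the intact hash verifies; the copies with an appended newline or a missing final character fail, and diagnoseStoredHash() names the reason for each. The hex dump is the point of the exercise: an echoed hash inside HTML hides exactly the bytes that make password_verify() fail, so compare strlen() and bin2hex() of the stored value, not its rendered appearance.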
Reputation: 11
I faced the same problem as yours and finally found that trim() does the magic.
$userpasswd = trim($_POST['user_input_pw']); // drop stray whitespace/newlines from the form value
Fetch from table:
$savedhash = trim($row['row_header']); // drop whitespace/newlines picked up in storage
Password verify BCRYPT PHP:
if (password_verify($userpasswd, $savedhash)) {
    /* Do something */
} else {
    /* Do nothing */
}
Hope it helps.
Upvotes: 1
Reputation: 135
Solved my own problem guys. As per @martinstoeckli and @Narf suggestions I changed the way I was debugging it and found that the problem wasn't with password_verify() but with the way I was handling the output. Sorry for the run around and thanks for all your help.
Upvotes: 0
Reputation: 822
There is a caution in the PHP manual for the password_hash() function: "Using the PASSWORD_BCRYPT as the algorithm, will result in the password parameter being truncated to a maximum length of 72 characters." Please read http://php.net/manual/en/function.password-hash.php
Maybe you need to change that MySQL column from varchar(60) to varchar(73) or bigger. You can also use type text.
Upvotes: 0
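The manual caution quoted above is about the password input, not the stored hash: bcrypt uses only the first 72 bytes of the password, while the hash string password_hash() returns for PASSWORD_BCRYPT is always 60 characters. (The manual separately recommends a column that can grow past 60 characters, 255 being its suggestion, because PASSWORD_DEFAULT may change in a future PHP version.) The following added example, not code from this answer or the PHP project, checks both facts; its names and inputs are constructed for illustration.

```php
<?php
// Added example, not from the answer above. It checks two facts from the
// password_hash() manual page: the stored bcrypt hash is a fixed 60
// characters however long the password is, and PASSWORD_BCRYPT uses only
// the first 72 bytes of the password, so two passwords that agree on those
// bytes verify against the same hash.
declare(strict_types=1);

// Length of the string that would be written to the database column.
function storedLength(string $plain): int
{
    return strlen(password_hash($plain, PASSWORD_BCRYPT));
}

// true when $candidate verifies against a fresh hash of $original.
function verifiesAgainst(string $original, string $candidate): bool
{
    $hash = password_hash($original, PASSWORD_BCRYPT);
    return password_verify($candidate, $hash);
}

// Constructed inputs: a short password, and two long ones that are
// identical for the first 72 bytes and differ only after that.
$short   = 'password123';
$prefix  = str_repeat('a', 72);
$longOne = $prefix . 'tail-one';
$longTwo = $prefix . 'tail-two';

printf("%3d-byte password -> %d-char hash\n", strlen($short), storedLength($short));
printf("%3d-byte password -> %d-char hash\n", strlen($longOne), storedLength($longOne));

// The 72-byte limit is a property of the password input, not of the hash:
// longTwo is accepted for a hash made from longOne.
printf("longTwo accepted for longOne's hash: %s\n",
    verifiesAgainst($longOne, $longTwo) ? 'yes' : 'no');

// Ordinary different passwords still fail.
printf("'password124' accepted for 'password123': %s\n",
    verifiesAgainst($short, 'password124') ? 'yes' : 'no');
```

Both hashes come out at 60 characters, so widening the column from 60 to 73 does nothing for a bcrypt hash (widening it to 255 is still sensible for the PASSWORD_DEFAULT reason above). The second check is the security point behind the caution: bytes after the 72nd never reach bcrypt, so if your policy allows longer passwords, enforce a maximum length at the form rather than assuming the whole string is verified.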
Reputation: 19
Set the database column to more than 60 because the encrypted password characters may be more than 100. And $password = password_hash('password123', PASSWORD_DEFAULT); this function returns an encrypted password that may change every time.
Upvotes: 1