<?php
require 'password.php';
$hash1 = password_hash('testpassword',PASSWORD_BCRYPT,array('cost' => 11));
$hash2 = password_hash('testpassword',PASSWORD_BCRYPT,array('cost' => 11));
if(password_verify($hash1,$hash2)) echo 'Pass';
else echo 'Fail';
?>
I'm trying to use bcrypt provided by the password_compat library with PHP 5.4.16, but this script always outputs "Fail" even though it's comparing two hashes of the same password, why?
Edit - Just for clarification, I realize the hashes aren't identical, otherwise I'd just compare them instead of using a function.
You need to pass the password and the hash to password_verify()
:
password_verify('testpassword', $hash1)
Note:
testpassword
is password without hash
References:
PS: password_hash
generates different results expectedly, since it contains a random salt
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With