I am trying to verify an encrypted password but for some reason it is always invalid.
What am I doing wrong?
For example my password would be 'test', so I do this:
$hash = '$2y$10$4Ed6XtU2E6qjzSOSUOA0xuBEA0sokTJMrDBH5ttgJzMVXSh0muoX.';
$password = 'test';
if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
But password 'geheim123' does work with this hash:
$hash = '$2y$10$LY0l0pOc8vLCzI.VvxK3gOTlXoVwnP2dlAzicj9uE62Q39XfeTY/6';
$password = 'geheim123';
if (password_verify($password, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
What can be the reason the second one works, but the other one doesn't?
This is where I encrypt my passwords:
$pass = password_hash($_POST['password'], PASSWORD_DEFAULT)."\n";
It seems your "test" password has no salt.
Rehash your password like this:
echo password_hash("test", PASSWORD_DEFAULT)."\n";
This has given me this: $2y$10$4a8QVv3VZNnXpgbT66I1He6eHqYBj.N94GIS7yHMoEW2Eb1Eq003O
But you may get a new hash, not this one, when you run that code. But it will still give the same valid status.
$hash = '$2y$10$4a8QVv3VZNnXpgbT66I1He6eHqYBj.N94GIS7yHMoEW2Eb1Eq003O';
$password = 'test';
if (password_verify($password, $hash)) {
    echo 'Password is valid!'; // okay
} else {
    echo 'Invalid password.';
}
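
An added diagnostic example, not code from either post above: it shows that separate password_hash() calls for one password return different hashes that all verify, and how a stored hash behaves when a line break is appended to it, as the hashing line in the question does. diagnoseHash() is a hypothetical helper, the sample values are constructed, and PASSWORD_BCRYPT is used so the 60-character check matches the $2y$ hashes on this page.

```php
<?php
// Added example: inspect a stored bcrypt hash before blaming password_verify().
// diagnoseHash() is a hypothetical helper; every value below is constructed.

function diagnoseHash(string $stored): array
{
    $problems = [];
    // Whitespace picked up on the way into or out of storage.
    if ($stored !== trim($stored)) {
        $problems[] = 'leading or trailing whitespace';
    }
    // A bcrypt hash produced by password_hash() is exactly 60 characters.
    if (strlen($stored) !== 60) {
        $problems[] = 'length is ' . strlen($stored) . ', expected 60';
    }
    // password_get_info() reports algoName "unknown" for a value it cannot parse.
    if (password_get_info($stored)['algoName'] !== 'bcrypt') {
        $problems[] = 'not recognised as a bcrypt hash';
    }
    return $problems;
}

$password = 'test';

// Each call embeds a fresh random salt, so the two strings differ,
// yet each one verifies against the same password.
$a = password_hash($password, PASSWORD_BCRYPT);
$b = password_hash($password, PASSWORD_BCRYPT);
var_dump($a !== $b);
var_dump(password_verify($password, $a));
var_dump(password_verify($password, $b));

// The same hash with "\n" appended before it is stored.
$withNewline = $a . "\n";
var_dump(password_verify($password, $withNewline));
print_r(diagnoseHash($withNewline));

// Trimming the stored value removes the extra byte again.
$cleaned = trim($withNewline);
var_dump(password_verify($password, $cleaned));
print_r(diagnoseHash($cleaned));
```

Run diagnoseHash() on the value read back from storage rather than on the variable that was written, since a column that is too short or a stray line break only shows up after the round trip.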