Problems validating password hash in PHP

2

When creating a user, I do the following to encrypt the password:

$options = ['cost' => 12];
$encripted = password_hash($this->input->post('senha'), PASSWORD_BCRYPT, $options);

When logging in I do the following:

$result = $this->db->get('users');
$db_password = $result->row(2)->senha;
if (password_verify($senha, $db_password)) {
    return true;
} else {
    return false;
}

But I always end up in the FALSE branch.

Note: I added a print_r to verify that db_password returns the correct hash.

  • It looks normal; try using the PASSWORD_DEFAULT hash.

  • It doesn't hurt to ask: have you checked whether the hash is being truncated in the database? For example, let's say the database field is varchar(50). In the case of the PASSWORD_BCRYPT algorithm, 60 characters are required.

  • Wow... that's exactly it... man, I didn't even notice. Haha.. thank you

1 answer

0


Your question was answered in the comments; I'm just rewriting it and adding more details, in case someone else runs into the same problem.

The password_hash() function has two supported algorithms:

  1. PASSWORD_DEFAULT
  2. PASSWORD_BCRYPT

PASSWORD_DEFAULT currently uses bcrypt. It is designed to change when new, stronger algorithms are implemented in PHP. So it currently requires 60 characters, but it is recommended to store it in a larger column. The PHP manual suggests that a column of 255 characters would be sufficient.

Meanwhile, PASSWORD_BCRYPT will use the crypt() function. The result will always be 60 characters. In this case PHP has no intention of changing this, so storing it in a 60-character column is sufficient. Remember that if you use PASSWORD_BCRYPT, the password must be at most 72 characters long.

Not having enough space to store it, as in your case, will result in an error.

See the manual for more information: http://php.net/manual/en/function.password-hash.php
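
The failure described in the comments and the answer, reproduced as an added example (not code from the question or the answer): a bcrypt hash cut down to the column width never verifies, and password_get_info() no longer recognises it. The function name checkStoredHash, the column widths tried and the sample password are assumptions; substr() stands in for a database that truncates silently.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a PHP built-in): inspect a hash read back from the
// database before blaming password_verify() for a failed login.
function checkStoredHash(string $stored, string $password): array
{
    $info = password_get_info($stored);
    return [
        'length'     => strlen($stored),
        // "unknown" means PHP cannot parse the value as a password_hash() result,
        // which is what happens to a bcrypt hash that is not exactly 60 characters.
        'algoName'   => $info['algoName'],
        'recognised' => $info['algoName'] !== 'unknown',
        'verifies'   => password_verify($password, $stored),
    ];
}

// Constructed sample input; cost 12 matches the options used in the question.
$password = 'constructed-sample-password';
$hash     = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// Column widths to simulate: too small, exactly bcrypt-sized, and the 255
// characters the answer mentions for PASSWORD_DEFAULT.
foreach ([50, 60, 255] as $columnWidth) {
    // A column keeps at most $columnWidth characters of the value written to it.
    $stored = substr($hash, 0, $columnWidth);
    $report = checkStoredHash($stored, $password);

    printf(
        "varchar(%d): stored %d chars, algo=%s, password_verify=%s\n",
        $columnWidth,
        $report['length'],
        $report['algoName'],
        $report['verifies'] ? 'true' : 'false'
    );

    if (!$report['recognised']) {
        // Treat this as a storage fault, not as a wrong password.
        printf("  -> stored value is not a complete hash; check the column size\n");
    }
}
```

Only the varchar(50) case fails: the stored value still starts with the same prefix as the original, so a quick print_r looks correct unless the lengths are compared.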
