    Bcrypt passwords in a database


    I'm currently using this tutorial to guide me and I'm trying out some of the examples but I don't really understand it.

    The version of PHP I'm using is 5.3.27 so I'm using this compatibility library.

    Okay, so my code for registering a user is below:
    $options = array('cost' => 11);
    $password = password_hash($password, PASSWORD_BCRYPT, $options);
    It takes the password inserted into a form, then I take the outputted $password and enter it into the database.

    For the password verify bit, I have:
    $hash = '$2y$11$6SXlwd2iKZcYuz9guncYXe39/x6lUR5u4EfJQr.qKhEPAuXFgLWeS';

    if (password_verify($password, $hash)) {
        echo 'Password is valid!';
    } else {
        echo 'Invalid password.';
    }

    That works fine, except I need to grab the hash from the database. When I try to match the password entered into a form to the hash from the database, it comes up with invalid password.

    I think I'm doing this completely wrong.

    Can anyone help me out please?

    Last edited by ManiacDan; August 23rd, 2013 at 06:55 AM. Reason: removed sig
  2. #2
    We need concrete info.

    What's the definition of the database column you store the hash in? Most importantly: What's its data type? Anything other than CHAR(60)?

    Also show us var_dump()s of all relevant variables:

    • The password before you hash it
    • The hash before you store it in the database
    • The hash as you retrieve it from the database
    • The password you match against this hash.

    Post the full var_dump() including the length information.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
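
The length check asked for in reply #2, as an added example that is not part of the original thread. It assumes PHP 5.5+ or the compatibility library mentioned in the first post; the helper name `check_stored_hash`, the sample password and the column widths are constructed for illustration, and the database round trip is simulated with string operations.

```php
<?php
// Added example, not code from the thread. Shows why a bcrypt hash that is
// truncated or padded on its way through storage no longer verifies.

// Hypothetical helper: inspect a value as it comes back from storage.
function check_stored_hash($password, $stored)
{
    $info = password_get_info($stored);
    return array(
        'length'   => strlen($stored),      // an intact bcrypt hash is 60 characters
        'algoName' => $info['algoName'],    // 'bcrypt' when intact, 'unknown' otherwise
        'verifies' => password_verify($password, $stored),
    );
}

$password = 'correct horse battery staple'; // constructed sample input
$hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));

// Simulated results of reading the hash back (constructed cases).
$cases = array(
    'stored in CHAR(60), intact'       => $hash,
    'stored in a 50-character column'  => substr($hash, 0, 50),
    'trailing whitespace added'        => $hash . "\n",
);

foreach ($cases as $label => $stored) {
    echo $label, "\n";
    var_dump($stored);                      // includes the length, as the reply requests
    var_dump(check_stored_hash($password, $stored));
    echo "\n";
}

// The same check on the password side: stray whitespace from a form field
// produces a different input, so it must match what was hashed at registration.
var_dump(check_stored_hash($password . ' ', $hash));
```

Only the intact 60-character value reports `bcrypt` and verifies; any other length means the value was altered between `password_hash()` and `password_verify()`.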
