Skip to content
Advertisement

PHP Password verify always returns false

I’m using PHP’s password hashing API to hash and verify my passwords on a site I’m building, however whenever I try and verify my password it always returns false.

I have a User class which sets the password before they are inserted into the database:

JavaScript

If the username and email is unique the new user row is inserted – upon checking my database I have what seems to be a valid BCRYPT string for my password:

JavaScript

To verify my password, I run the following script:

JavaScript

$hash pertains to the string quoted above, however when I then call password_verify($password, $hash) where $password is the plain-text password retrieved from my input field, I always receive a value of false.

Advertisement

Answer

The given hash string example has 50 characters instead of 60. Double-Check the database – CHAR(60) – and var_dump($hash).

User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement