Al-siddiq Al-siddiq - 1 month ago 11
PHP Question

Matching user's password with hashed password stored in DB

Somebody should pls guide me on how i can fetch out hashed password from database and match the password entered by a user when login in
i used php crypt() function with bcrypt algorithms to hash the password when registrian the user
thank you all in advance

Jim Jim
Answer Source

From the documentation:

$hashed_password = crypt('mypassword'); // let the salt be automatically generated
if (crypt($user_input, $hashed_password) == $hashed_password) {
   echo "Password verified!";

You need to pass in the original hash, otherwise crypt will generate a random salt and the passwords are very unlikely to match. I.e.

//BROKEN - will almost always print "Bugger off!".
$hash = crypt('Hello world');
$attempt = crypt('Hello world');
if($hash === $attempt){
    echo "Access granted!";
    echo "Bugger off!";