Why Are Hashed Passwords Not Matching Using password_hash() and password_verify()?

PHP password_hash(), password_verify()

Problem:

A registration script using password_hash() for password encryption and a login script using password_verify() for password verification are not matching passwords correctly.

Answer:

Here's a breakdown of the issue and a code solution:

Key Points:

• password_hash() creates a hashed representation of the provided password using a specified algorithm.
• password_verify() compares a provided password to a hashed password, returning true if they match.
• The password_verify() function requires the original hashing algorithm to be used in the comparison.

Issue and Solution:

The problem arises when using different algorithms for hashing and verification. The error you received ("Nope. Passwords") indicates that the hashed password stored in the database does not match the un-hashed password entered during login.

Revised Code:

Registration (Hashing):

<code class="php">$password = password_hash($password, PASSWORD_DEFAULT); // Using PASSWORD_DEFAULT or specific algorithm</code>

Login (Verification):

<code class="php">if (password_verify($pwd, $row['password'])) {
    // Password matches...
}</code>

Footnotes:

• Ensure the password column in the database is sufficiently long (e.g., VARCHAR(255)) to accommodate the hashed password.
• Use prepared statements for security and prevent SQL injection.

The above is the detailed content of Why Are Hashed Passwords Not Matching Using password_hash() and password_verify()?. For more information, please follow other related articles on the PHP Chinese website!