Home >Backend Development >PHP Tutorial >Why Does PHP's `password_verify()` Return False Despite Correct Credentials?

Why Does PHP's `password_verify()` Return False Despite Correct Credentials?

DDD
DDDOriginal
2024-12-03 20:19:16762browse

Why Does PHP's `password_verify()` Return False Despite Correct Credentials?

Password_verify Consistently Returning False

Users of PHP 5.5 occasionally encounter an unexpected false return value from the password_verify() function.

Problem

Consider the following code snippet:

// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();

// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
    // ...
}

Despite verifying that the $_POST['user_password'] and $result_row->user_password_hash values are correct, password_verify() continues to return false.

Solution

The issue typically arises due to insufficient column length for storing the hashed password in the database. The PHP manual recommends using a column with a capacity of at least 255 characters, as the hashed password can exceed 60 characters in length.

To resolve this problem, ensure that the database column used to store the hashed password has a sufficient length. Updating the column definition to a length of 255 or more should address the issue and allow password_verify() to function correctly.

The above is the detailed content of Why Does PHP's `password_verify()` Return False Despite Correct Credentials?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn