Why is `password_verify` Returning False in PHP?

Patricia Arquette
2024-12-04 06:26:13

Why is password_verify Returning False?

When validating a password with PHP's password_verify function as shown below, the call may return false even though the supplied password is correct:

if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
    // ...
}

Cause:

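The issue likely stems from the length of your password hash column in the database. According to the PHP manual, it's recommended to store password hashes in a column capable of accommodating at least 255 characters. A bcrypt hash produced by password_hash is 60 characters long, so a shorter column truncates the hash when it is stored, and password_verify then returns false because the truncated value can never match. The extra room also leaves space for longer hashes if the default algorithm changes.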

Solution:

Extend the length of your password hash column in the database to at least 255 characters. To do this, modify your database schema accordingly, as shown below:

ALTER TABLE users MODIFY COLUMN user_password_hash VARCHAR(255);

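This will allow password_verify to accurately validate passwords by comparing them to the stored hashes. Hashes that were already truncated when they were stored remain invalid after the column is widened, so those passwords have to be hashed and stored again.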
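
The truncation failure described above can be reproduced and detected without a database. The following is an added example, not code from the original article: the sample password, the 50-character column width and the helper name diagnoseStoredHash are assumptions made for illustration. The full hash verifies, the truncated copy does not, and the helper reports how many characters of the hash survived.

```php
<?php
declare(strict_types=1);

// Constructed sample password, not taken from the article.
$password = 'correct horse battery staple';

// password_hash() with bcrypt always yields a 60-character string.
$fullHash = password_hash($password, PASSWORD_BCRYPT);

// Simulate what a too-narrow column would hand back on SELECT.
// VARCHAR(50) is an assumed width chosen for this illustration.
$truncatedHash = substr($fullHash, 0, 50);

/**
 * Hypothetical helper: report whether a stored value is a usable hash
 * or a bcrypt hash that lost characters on the way into storage.
 */
function diagnoseStoredHash(string $stored): string
{
    // password_get_info() reports 'unknown' when the value is not a
    // complete hash in a format PHP recognises.
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'unknown') {
        return 'ok: recognised as ' . $info['algoName'];
    }
    // A bcrypt prefix with fewer than 60 characters means truncation.
    if (strncmp($stored, '$2y$', 4) === 0 && strlen($stored) < 60) {
        return 'truncated bcrypt hash: ' . strlen($stored) . ' of 60 characters';
    }
    return 'not a hash produced by password_hash()';
}

// Verification succeeds only against the complete hash.
var_dump(password_verify($password, $fullHash));
var_dump(password_verify($password, $truncatedHash));

// Run the same check over values read from user_password_hash to find
// the accounts whose passwords must be hashed and stored again.
echo diagnoseStoredHash($fullHash), PHP_EOL;
echo diagnoseStoredHash($truncatedHash), PHP_EOL;
```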
