Mixing
Password_verfiy in PHP fails
I am using password_hash on the password and then storing it in a DB. Then when I am using password_verify to check the PW.
My code keeps failing when I use records from my DB. When I hard code the data into the password_verify function, the function returns a True that the password was verified. I'm stumped about this. Where am I going wrong in the process?
My Code:
if(password_verify($_POST["password"],$storedpwd)) {
echo "Password is valid!<br>";
} else {
echo "Invalid password.";
}
Again if I replace $_POST["password"] and $storedpwd with actual data the function works. So where am I going wrong on this?
php login passwords
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
|
show 2 more comments
I am using password_hash on the password and then storing it in a DB. Then when I am using password_verify to check the PW.
My code keeps failing when I use records from my DB. When I hard code the data into the password_verify function, the function returns a True that the password was verified. I'm stumped about this. Where am I going wrong in the process?
My Code:
if(password_verify($_POST["password"],$storedpwd)) {
echo "Password is valid!<br>";
} else {
echo "Invalid password.";
}
Again if I replace $_POST["password"] and $storedpwd with actual data the function works. So where am I going wrong on this?
php login passwords
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
1
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either$_POST["password"]or$storedpwdis not what you think it is. Run var_dump() to verify.
– Alex Howansky
Nov 20 '18 at 19:56
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03
|
show 2 more comments
I am using password_hash on the password and then storing it in a DB. Then when I am using password_verify to check the PW.
My code keeps failing when I use records from my DB. When I hard code the data into the password_verify function, the function returns a True that the password was verified. I'm stumped about this. Where am I going wrong in the process?
My Code:
if(password_verify($_POST["password"],$storedpwd)) {
echo "Password is valid!<br>";
} else {
echo "Invalid password.";
}
Again if I replace $_POST["password"] and $storedpwd with actual data the function works. So where am I going wrong on this?
php login passwords
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
I am using password_hash on the password and then storing it in a DB. Then when I am using password_verify to check the PW.
My code keeps failing when I use records from my DB. When I hard code the data into the password_verify function, the function returns a True that the password was verified. I'm stumped about this. Where am I going wrong in the process?
My Code:
if(password_verify($_POST["password"],$storedpwd)) {
echo "Password is valid!<br>";
} else {
echo "Invalid password.";
}
Again if I replace $_POST["password"] and $storedpwd with actual data the function works. So where am I going wrong on this?
php login passwords
php login passwords
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
asked Nov 20 '18 at 19:48
S. MorrisS. Morris
1
1
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
1
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either$_POST["password"]or$storedpwdis not what you think it is. Run var_dump() to verify.
– Alex Howansky
Nov 20 '18 at 19:56
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03
|
show 2 more comments
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
1
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either$_POST["password"]or$storedpwdis not what you think it is. Run var_dump() to verify.
– Alex Howansky
Nov 20 '18 at 19:56
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
1
1
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either
$_POST["password"] or $storedpwd is not what you think it is. Run var_dump() to verify.– Alex Howansky
Nov 20 '18 at 19:56
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either
$_POST["password"] or $storedpwd is not what you think it is. Run var_dump() to verify.– Alex Howansky
Nov 20 '18 at 19:56
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03
|
show 2 more comments
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53400516%2fpassword-verfiy-in-php-fails%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53400516%2fpassword-verfiy-in-php-fails%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is the database column something like 255 chars? Would also be useful to have the code which fetches the stored password.
– Nigel Ren
Nov 20 '18 at 19:51
255 chars would be sufficient, according to the PHP manual
– Fitzi
Nov 20 '18 at 19:54
1
"if I replace $_POST["password"] and $storedpwd with actual data the function works" Then either
$_POST["password"]or$storedpwdis not what you think it is. Run var_dump() to verify.– Alex Howansky
Nov 20 '18 at 19:56
You're most likely getting it wrong in the code you're not showing us. The population of your variables...
– Magnus Eriksson
Nov 20 '18 at 19:59
I assume you stored $storedpwd after hashing it with password_hash($password)? Dump both values and you should be able to see what's happening.
– Phillip Weber
Nov 20 '18 at 20:03