'Different variables after using password_hash()
I've been trying to do some security on my log in website and in the internet i found this function password_hash(). I don't know why but I can't log in. I'm using db.
$haslo1 = $_POST['haslo1'];
$haslo_hash = password_hash($haslo1, PASSWORD_DEFAULT);
if ($wszystko_OK == true) {
if ($polaczenie -> query("INSERT INTO uzytkownicy VALUES (NULL, '$nick', '$haslo_hash', '$email', 100, 100, 100, 14)")) {
$_SESSION['udanarejestracja'] = true;
header('Location: witamy.php');
} else {
throw new Exception($polaczenie -> error);
}
}
$haslo = $_POST['haslo'];
if (password_verify($haslo, $wiersz['pass'])) {
....
}
I checked the output variable by this code and find out that $haslo_hash1 and $haslo_hash2 are different:
<?php
$haslo = "qwerty123";
$haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT);
$haslo_hash2 = password_hash($haslo, PASSWORD_DEFAULT);
if ($haslo_hash1 == $haslo_hash2) {
echo "Jest okej<br>";
echo "$haslo_hash1<br>";
echo $haslo_hash2;
} else {
echo "to sa inne hasla po hashu<br>";
echo "$haslo_hash1<br>";
echo $haslo_hash2;
}
?>
Could you help me to fing solution?
Solution 1:[1]
$haslo = "qwerty123";
$haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT); // some hashed code generated for your password
$haslo_hash2 = password_hash($haslo, PASSWORD_DEFAULT); // some different hash code generated for your password
if ($haslo_hash1 == $haslo_hash2) { // it will never be true
echo "Jest okej<br>";
echo "$haslo_hash1<br>";
echo $haslo_hash2;
} else {
echo "to sa inne hasla po hashu<br>";
echo "$haslo_hash1<br>";
echo $haslo_hash2;
}
To verify, try it like this:
$haslo = "qwerty123";
$haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT);
if (password_verify($haslo, $haslo_hash1)) {
echo $haslo_hash1;
} else {
echo 'error';
}
Same goes for $haslo_hash2
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Tyler2P |