Problems with validating hash with password in PHP

2

When creating a user, I do the following to encrypt the password:

$options = ['cost' => 12];
$encripted = password_hash($this->input->post('senha'), PASSWORD_BCRYPT, $options);

When logging in I do the following:

$result = $this->db->get('users');
$db_password = $result->row(2)->senha;
if (password_verify($senha, $db_password)) {
    return true;
} else {
    return false;
}

But it always falls into FALSE.

NOTE: I added a print_r to check the value of db_password, and it has the correct hash.

    
asked by anonymous 22.06.2016 / 05:01

1 answer

0
  

Your question has been answered in the comment; I am just rewriting it and adding more details in case someone else has the same problem.

The password_hash() function has two supported algorithms, which are:

  • PASSWORD_DEFAULT
  • PASSWORD_BCRYPT

PASSWORD_DEFAULT currently uses bcrypt. It is designed to be changed when stronger new algorithms are implemented in PHP. That way, it currently requires 60 characters, but it is recommended that you store it in larger columns. The PHP manual recommends that storing in a column with 255 characters would suffice.

PASSWORD_BCRYPT, meanwhile, will use the crypt() function. The result will always be 60 characters. In this case PHP has no intention of changing this, therefore storing in a 60-character column suffices. Remember that if you use PASSWORD_BCRYPT the password must have a maximum of 72 characters.

Not having enough space to store it, as in your case, will result in an error.

See the manual for more information: link

        
    20.07.2016 / 04:55
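The failure described in the answer, reproduced as an added example (not code from the question or the answer): a bcrypt hash cut short by a narrow column still looks like a hash but never verifies. The column is simulated with substr(), and the 50-character width, the sample password and the helper names are assumptions made for illustration.

```php
<?php
// Added example. storeInColumn() and diagnoseStoredHash() are hypothetical helpers;
// the 50-character width is assumed, the page does not state the real column size.

/** Simulate a column that keeps only the first $width characters of the value. */
function storeInColumn(string $hash, int $width): string
{
    return substr($hash, 0, $width);
}

/** Inspect a stored hash before suspecting the password or the login code. */
function diagnoseStoredHash(string $stored): string
{
    // For bcrypt, password_get_info() reports algoName "unknown" unless the value
    // starts with "$2y$" and is exactly 60 characters long.
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return sprintf('not a complete password_hash() value (length %d)', strlen($stored));
    }
    return sprintf('%s hash, cost %d, length %d',
        $info['algoName'], $info['options']['cost'] ?? 0, strlen($stored));
}

$password = 'correct horse battery staple';   // constructed sample password
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

foreach ([50, 60, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf(
        "column width %3d: %s; password_verify() = %s\n",
        $width,
        diagnoseStoredHash($stored),
        var_export(password_verify($password, $stored), true)
    );
}
```

Only the 50-character case reports an incomplete hash and returns false; a print_r of that value still begins with `$2y$12$`, which is why it can look correct at a glance.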