How to verify password against database?

I went through many articles related to this topic, such as this:

Using PHP 5.5’s password_hash and password_verify function

Yet, I’m unsure if I’m hashing and salting the correct way or over doing it!

I want to use my own salt and then hash. Both salt and hashed password stored in the database in two different fields.

This is how I hash the password before storing into database

$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("$2a$%02d$", $cost) . $salt;

//shall I remove this line and replace below PASSWORD_DEFAULT  with PASSWORD_BCRYPT instead?
$password = crypt($data['password'], $salt);

$hash = password_hash($password, PASSWORD_DEFAULT);

Given that, I’m trying to verify the password as below: Somehow I feel that I’m complicating the process.

$salt=$row['salt'];//taken from db
$hashAndSalt=$row['hashpword'];//taken from db
$password="pwtester";//user keyed in password

$newpassword = crypt($password, $salt);
$newhash = password_hash($newpassword, PASSWORD_DEFAULT);


if (password_verify($password, $newhash)) {
   echo"verified";
}
else
{
    echo"Not verified"; 
}

EDITED:

Now I store like this:

$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$options = array('cost' => $cost,'salt' => $salt);
$hash = password_hash($data['password'], PASSWORD_DEFAULT,$options);

But verification confusing:

$email = "[email protected]";
$uid= '555ca83664caf';
$sql = "SELECT *FROM authsessions WHERE email =:myemail AND useruuid =:uid";

$statement = $pdo->prepare($sql);
$statement->bindValue(':myemail', $email);
$statement->bindValue(':uid', $uid);
$statement->execute();
while( $row = $statement->fetch()) {
    echo "salt ".$row['salt']."<br/><br/>";
    echo "hashpassword ".$row['hashpword'];
}

$salt=$row['salt'];
$hashAndSalt=$row['hashpword'];
$password="test55";

$newhash = password_hash($password+$salt, PASSWORD_DEFAULT);


if (password_verify($newhash, $hashAndSalt)) {
   echo"verified";
}
else
{
    echo"Not verified"; 
}

It echoes “Not Verified”

Related Posts:

  1. Replace ' and similar html codes with their correspondent character?
  2. How to prevent the “Confirm Form Resubmission” dialog?
  3. navigate back with PHP form submission
  4. How do I make a redirect in PHP?
  5. List of All Locales and Their Short Codes?
  6. How to fix “Headers already sent” error in PHP
  7. Whoops, looks like something went wrong. Laravel 5.0
  8. “Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
  9. http://localhost:80 is not working on running Apache server through UniServer ZeroXIII
  10. PDOException SQLSTATE[HY000] [2002] No such file or directory
  11. How do I get PHP errors to display?
  12. Get the full URL in PHP
  13. How do I check if a string contains a specific word?
  14. How to force file download with PHP
  15. How to Set Category Page as Home Page in Prestashop
  16. Get the full URL in PHP
  17. How to copy a file from one directory to another using PHP?
  18. Getting an error when I visit http://localhost
  19. PHP random string generator
  20. What are the differences in die() and exit() in PHP?
  21. How to call a JavaScript function from PHP?
  22. Error 500: Premature end of script headers
  23. Cookies vs. sessions
  24. Expected status code 200 but received 500
  25. PDO with INSERT INTO through prepared statements
  26. Can you “compile” PHP code and upload a binary-ish file, which will just be run by the byte code interpreter?
  27. How to get the file extension in PHP?
  28. Invalid argument supplied for foreach()
  29. Remove the last character from a string
  30. How to prevent Browser cache for php site
  31. what does a .php?id=&value=value means?
  32. Setting up a PHP interpreter in PhpStorm
  33. Get Current URL in Magento and show something
  34. php create object without class
  35. Creating a search form in PHP to search a database?
  36. How do I make a simple crawler in PHP?
  37. Weird PHP error: ‘Can’t use function return value in write context’
  38. Create PDF file using PHP
  39. How do I get a YouTube video thumbnail from the YouTube API?
  40. pdo – Call to a member function prepare() on a non-object
  41. Sort array of objects by object fields
  42. Compare given date with today
  43. When to generate a new Application Key in Laravel?
  44. “Connection for controluser as defined in your configuration failed” with phpMyAdmin in XAMPP
  45. Call to undefined method mysqli_stmt::get_result
  46. Replace spaces with a dash in a URL
  47. Are PDO prepared statements sufficient to prevent SQL injection?
  48. Message: Trying to access array offset on value of type null [duplicate]
  49. retrieve data from db and display it in table in php .. see this code whats wrong with it?
  50. Count how many files in directory PHP
  51. What does it mean to escape a string?
  52. Creating default object from empty value in PHP?
  53. Send attachments with PHP Mail()?
  54. header location not working in my php code
  55. PHP Error: Function name must be a string
  56. Uncaught Error: Call to undefined function mysql_escape_string()
  57. Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by all
  58. Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
  59. Convert DateTime to String PHP
  60. Warning: mysqli_query() expects at least 2 parameters, 1 given. What? [duplicate]
  61. Xampp Access Forbidden php
  62. PHP cURL custom headers
  63. File attachment with PHPMailer
  64. Warning: mysqli_query() expects parameter 1 to be mysqli, resource given
  65. Fatal error: Call to undefined function money_format()
  66. Laravel 5 MethodNotAllowedHttpException in RouteCollection.php line 201:
  67. PHP “&” operator
  68. Mysql where id is in array
  69. XAMPP, using port:81, cannot run localhost:81/mywebsite
  70. How to extract and access data from JSON with PHP?
  71. What is the MM/DD/YYYY regular expression and how do I use it in php?
  72. Warning “Do not Access Superglobal $_POST Array Directly” on Netbeans 7.4 for PHP
  73. How to integrate WordPress with Angular 8 for website?
  74. Fatal error: Maximum execution time of 30 seconds exceeded
  75. cURL request in Laravel
  76. PHP array printing using a loop
  77. How to send to BCC address when using PHPMailer to format MIME message for Gmail API?
  78. Call a REST API in PHP
  79. Is there any way to test PHP locally without installing a server?
  80. PHP Redirect with POST data
  81. Getting the screen resolution using PHP
  82. PHP: fopen() Permission denied
  83. How should I be setting browscap.ini file
  84. CodeIgniter: Unable to connect to your database server using the provided settings Error Message
  85. Returning JSON from a PHP Script
  86. How to run a PHP function from an HTML form?
  87. Can I store images in MySQL 
  88. MySQL Daemon Failed to Start – centos 6
  89. How to insert TIMESTAMP into my MySQL table?
  90. How to remove index.php from WordPress site URL
  91. Remove warning messages in PHP
  92. How to generate .json file with PHP?
  93. Call to a member function on a non-object [duplicate]
  94. Generate PDF from HTML PHP
  95. Call to a member function fetch_assoc() on boolean in [duplicate]
  96. How to use Memcached with PHP7?
  97. Remove empty array elements
  98. select count(*) from table of mysql in php
  99. Auto increment in phpmyadmin
  100. wordpress menu dropdown item not showing after first dropdown

Leave a Comment