Announcement

Collapse
No announcement yet.

Password_hash and Password_verify

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password_hash and Password_verify

    Good afternoon,

    I am trying to get the following to work but perhaps I am missing something:

    $slogin = sc_sql_injection({login});

    $spswd = sc_sql_injection({pswd});

    sc_lookup(ds, "select pswd from sec_users where login = '{login}'");


    $hashed= {ds[0][0]};


    echo $spswd," ";
    echo $slogin," ";
    echo $hashed," ";


    if (password_verify($spswd, $hashed))
    {

    echo 'Password is valid!';
    }

    else

    {

    echo 'Password is NOT valid!';
    }

    The password_verify is not validating. I would prefer to not use sha512 but that seems to be the only thing I can get to work. I created the password using
    password_hash({pswd}, PASSWORD_BCRYPT);

    Any advice would be appreciated.
Working...
X