How to compare md5 password php

Question

I need to check if $user_entered_passidential to $hash_val . Please help me?

    <?php
    $mypass = "Rainbow";
    $hash_val = md5($mypass);

    echo $hash_val; //always 32 characters

    $user_entered_pass = "rainbow";
?>

md5 is now considered vulnerable. I'd suggest switching to password_hash which is explain here http://php.net/manual/en/function.password-hash.php — Unex, Apr 13 '16 at 08:04

score 9 · Accepted Answer · answered Apr 13 '16 at 08:06

You can hash $user_entered_pass and compare, I use this method.

<?php
    $mypass = "Rainbow";
    $hash_val = md5($mypass);

    echo $hash_val; //always 32 characters

    $user_entered_pass = "rainbow";

    if(md5($user_entered_pass) == $hash_val){
      //The passwords are equal
    }
?>

score 2 · Answer 2 · edited May 23 '17 at 12:31

2

Compare it with the identical operator ===, e.g.:

if ($hashFromDatabase === md5($userEnteredPasswort)) {
    // authenticated ...
}

However, I strongly recommend you not to use md5 as hashing algorithm. Check out this answer here: Secure hash and salt for PHP passwords

Moreover, I recommend you using the new password hashing API from PHP (password_hash() and password_verify()).

edited May 23 '17 at 12:31

Community

1
1

answered Apr 13 '16 at 08:11

Andreas

2,821
25
30

score 1 · Answer 3 · answered Apr 13 '16 at 08:04

1

Convert user entered password to md5 and then check. $user_entered_pass_has = md5($user_entered_pass) Then check for equality.

answered Apr 13 '16 at 08:04

Web Artisan

1,870
3
23
33

How to compare md5 password php

3 Answers3