As parse.com is shutting down its services, I have to migrate to MySQL as of now. But I can't seem to get its password generation method.

Sample password is:

"$2a$10$oNQjqXhZjWHVb.ock1Lfs.D4yeHhtaEFdiuHNIkSsambfsSCix/96"

I read a few sources and got that it uses bcrypt for password generation with cost as 10. Still, I am not able to get the concept and implement the same in PHP (in which I am building my APIs for my app).

Below is the link for the same, which I came across:

What column type/length should I use for storing a Bcrypt hashed password in a Database?

Can anyone please help me build the same password generation method in PHP so that I don't lose out on my existing app users (I need to verify the password for login as well as generate one upon registration).

Thanks in advance!

milan kumar

1 Answer

You should use password_verify():

```php
$hash = '$2a$10$oNQjqXhZjWHVb.ock1Lfs.D4yeHhtaEFdiuHNIkSsambfsSCix/96'; // e.g. coming from database
// coming from user input form; empty string when the field is missing,
// so password_verify() always receives a string
$userInput = isset($_POST['password']) ? $_POST['password'] : '';

if (password_verify($userInput, $hash)) {
    // user password valid
} else {
    // user password invalid
}
```
Andreas
  • Use `password_hash()` for registration: http://php.net/manual/en/function.password-hash.php – Andreas May 02 '16 at 07:04
  • That doesn't produce the same result as I have mentioned; that's why I asked this question. Password hash produces a result in a different format. – milan kumar May 02 '16 at 07:22
  • I guess you don't understand at all how `password_hash()` and `password_verify()` work. Read the documentation first, then just try it. It will work. – Andreas May 02 '16 at 07:35
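
The thread above turns on why `password_hash()` output never matches a stored hash byte for byte, yet `password_verify()` still accepts it. The following is an added example, not code from the question or the answer: it splits the question's sample hash into its fields, shows that two hashes of one password differ but both verify, and upgrades a migrated `$2a$` row on login. The password and the salt behind `$legacy` are constructed, and `bcrypt_fields`, `register_hash` and `login` are hypothetical helper names.

```php
<?php
// Split a 60-character bcrypt string into variant, cost, salt and digest.
function bcrypt_fields(string $hash): array
{
    $re = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Registration: password_hash() draws a fresh random salt on every call.
function register_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Login: verify against whatever is stored, then report a replacement hash
// when the stored one is not in PHP's current bcrypt format and cost.
function login(string $password, string $stored): array
{
    if (!password_verify($password, $stored)) {
        return ['ok' => false, 'rehash' => null];
    }
    $opts = ['cost' => 10];
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, $opts);
    return ['ok' => true, 'rehash' => $stale ? register_hash($password) : null];
}

// The sample hash from the question: the salt is stored inside the string,
// which is all password_verify() needs to recompute the digest.
print_r(bcrypt_fields('$2a$10$oNQjqXhZjWHVb.ock1Lfs.D4yeHhtaEFdiuHNIkSsambfsSCix/96'));

$password = 'correct horse battery staple';                  // constructed
$legacy = crypt($password, '$2a$10$abcdefghijklmnopqrstuu'); // stands in for a migrated row

// Same password, two calls: the strings differ, both verify.
$a = register_hash($password);
$b = register_hash($password);
var_dump($a === $b, password_verify($password, $a), password_verify($password, $b));

// A migrated $2a$ row verifies as-is. PHP recognises its own bcrypt hashes
// by the $2y$ prefix, so the row is flagged and a $2y$ replacement is returned.
$result = login($password, $legacy);
var_dump($result['ok'], bcrypt_fields($result['rehash'])['variant']);
var_dump(login('wrong password', $legacy)['ok']);
```

When `login()` returns a non-null `rehash`, store it in place of the old value so each migrated account is upgraded the first time its owner signs in.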