
I'm trying to make password_verify match the crypt password in the database, but I'm having a problem; it seems it doesn't match.

I already searched for this and found that I need to use VARCHAR with a maximum length of 255, but it still doesn't work.

Here is the code:

if( isset($_POST['bG9n']) && "bG9naW4") {

    $email = $_POST['email'];
    $pass  = $_POST['pass'];

    if($pass) {
        $crypt   = password_hash($pass, PASSWORD_BCRYPT);
        $decrypt = password_verify($pass, $crypt);
    }

    if(password_verify($pass, $crypt)) {
        echo "Success"; // It does echo Success
    }

    if (!empty($email) && !empty($pass) && filter_var($email, FILTER_VALIDATE_EMAIL) && password_verify($pass, $crypt)) {

        $sql   = "SELECT email, pass FROM clientes WHERE email ='$email' AND pass = '$decrypt' ";
        $query = $DB_con->prepare($sql);
        $query->execute();
        $count = $query->rowCount();

        if($count == 1){
            $_SESSION['email'] = $email;
            $_SESSION['pass']  = $decrypt;
            header("Location: home.php");
        }
        else {
            echo "<BR>Error";
        }

    }
}

It's probably an easy fix, but I can't seem to find what's wrong.

Thanks everyone in advance.

  • I'd suggest reading the [documentation](http://php.net/password). This looks quite wrong. E.g. how you got the idea that password_verify returns an unhashed password I have no idea. – Jonnix Aug 22 '17 at 10:11
  • You're going about it the wrong way. You're trying to check against `$decrypt = password_verify($pass,$crypt);` in your query `AND pass = '$decrypt'` and using way too many `password_verify()`'s. – Funk Forty Niner Aug 22 '17 at 10:12

1 Answer

It's normal behaviour. A bcrypt hash is not deterministic; it differs from launch to launch, so you can't query by it.

You have to check whether it matches not via MySQL but via PHP.

So, first get it from the database, then `$isVerified = password_verify($pass, $hashFromDB);`

shukshin.ivan
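The flow the answer describes, written out as an added example (this is not code from the question or the answer): hash once at registration, then at login fetch the stored hash by email alone, with a bound parameter, and let `password_verify` do the comparison in PHP. The `clientes` table and its `email`/`pass` columns come from the question; the in-memory SQLite connection, the function names `registerUser`/`loginUser` and the sample credentials are assumptions made so the example runs offline.

```php
<?php
// Added example, not part of the original post. Table/column names are the
// question's; the SQLite connection and sample data below are constructed.

function registerUser(PDO $db, string $email, string $password): void
{
    // Hash once, at registration. Every call salts afresh, so two hashes of the
    // same password differ: the stored value can never be matched with
    // "WHERE pass = '...'", which is the question's core mistake.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $db->prepare('INSERT INTO clientes (email, pass) VALUES (:email, :pass)');
    $stmt->execute([':email' => $email, ':pass' => $hash]);
}

function loginUser(PDO $db, string $email, string $password): bool
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }

    // Look up by email only, binding the value. The question interpolates
    // $email straight into the SQL string, which is an injection vector.
    $stmt = $db->prepare('SELECT pass FROM clientes WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }

    // The comparison happens in PHP: password_verify reads the algorithm, cost
    // and salt out of the stored hash and recomputes the submitted password.
    if (!password_verify($password, $row['pass'])) {
        return false;
    }

    // Optional hardening: transparently upgrade hashes whose algorithm or cost
    // no longer matches the current policy.
    if (password_needs_rehash($row['pass'], PASSWORD_BCRYPT)) {
        $upd = $db->prepare('UPDATE clientes SET pass = :pass WHERE email = :email');
        $upd->execute([':pass' => password_hash($password, PASSWORD_BCRYPT), ':email' => $email]);
    }

    // On success store only the identity in the session, never the password
    // or its hash.
    $_SESSION['email'] = $email;
    return true;
}

// Constructed stand-in for the question's $DB_con so the example runs offline.
session_start();
$DB_con = new PDO('sqlite::memory:');
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB_con->exec('CREATE TABLE clientes (email VARCHAR(255) PRIMARY KEY, pass VARCHAR(255) NOT NULL)');

registerUser($DB_con, 'user@example.com', 'correct horse battery staple');

var_dump(loginUser($DB_con, 'user@example.com', 'correct horse battery staple'));
var_dump(loginUser($DB_con, 'user@example.com', 'wrong password'));
var_dump(loginUser($DB_con, "' OR '1'='1", 'anything'));
```

The `pass` column is declared VARCHAR(255), as the question already had it, because `password_hash` output is 60 characters for bcrypt today but may grow if the default algorithm changes; the PHP manual recommends 255 for that reason.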