password_verify function in php is not working despite proper varchar length

Question

I am learning php and was trying this php function but for some reason it isn't working despite trying all the answers here. I hashed 'b' using password_hash function and tried to verify it. Here is my code

if(password_verify('b', 
'$2y$10$OCZvoaVXX00xBkwpfGfgOu9AGXutvcZkhvpqSVWpL6v.BNnLsAN4u')){
echo "valid";
}else{
echo "invalid";
}

Please show us all the code (including the hashing). Without knowing how you got that hash, we won't be able to evaluate what actually happens. — M. Eriksson, Sep 20 '18 at 09:16
Your code works with a freshly generated password hash. What salt did you use to generate your hash? — Fergal Andrews, Sep 20 '18 at 09:21
yes you guys are right. It was actually the hash that was the problem that day. It turned out I was hashing an empty string. — Ayush, Feb 20 '19 at 05:25

score 3 · Answer 1 · answered Sep 20 '18 at 09:44

3

That's a hash of an empty string:

$hash = '$2y$10$OCZvoaVXX00xBkwpfGfgOu9AGXutvcZkhvpqSVWpL6v.BNnLsAN4u';
var_dump(password_verify('', $hash));

bool(true)

Find out where you're getting the input and work back from there, because it definitely isn't b.

answered Sep 20 '18 at 09:44

iainn

16,826
9
33
40

Thanks. You are right. I accidentally ended up hashing empty string that day. I realized that much later. Again thanks for your time. – Ayush Feb 20 '19 at 05:26

password_verify function in php is not working despite proper varchar length

1 Answers1