
I've been trying to add some security to my login website, and on the internet I found this function password_hash(). I don't know why, but I can't log in. I'm using a db.


```php
$haslo1 = $_POST['haslo1'];
$haslo_hash = password_hash($haslo1, PASSWORD_DEFAULT);
if ($wszystko_OK == true) {
    if ($polaczenie -> query("INSERT INTO uzytkownicy VALUES (NULL, '$nick', '$haslo_hash', '$email', 100, 100, 100, 14)")) {
        $_SESSION['udanarejestracja'] = true;
        header('Location: witamy.php');
    } else {
        throw new Exception($polaczenie -> error);
    }
}
```

```php
$haslo = $_POST['haslo'];
if (password_verify($haslo, $wiersz['pass'])) {
   ....
}
```

I checked the output variables with this code and found out that $haslo_hash1 and $haslo_hash2 are different:

```php
<?php
    $haslo = "qwerty123";

    $haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT);
    $haslo_hash2 = password_hash($haslo, PASSWORD_DEFAULT);

    if ($haslo_hash1 == $haslo_hash2) {
        echo "Jest okej<br>";
        echo "$haslo_hash1<br>";
        echo $haslo_hash2;
    } else {
        echo "to sa inne hasla po hashu<br>";
        echo "$haslo_hash1<br>";
        echo $haslo_hash2;
    }
?>
```

Could you help me find a solution?

Progman
Wojtek
  • Does this answer your question? [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – Progman Apr 19 '22 at 19:52
  • Unfortunately no, I can't log in when the password is hashed and I don't know why. I suppose there is a mistake in my code but I don't know where. – Wojtek Apr 19 '22 at 20:13
  • Check all the checkpoints mentioned in the linked question. Also, for debugging purposes, add a `var_dump($haslo, $wiersz['pass']);` before your `if (password_verify($haslo, $wiersz['pass']))` line, rerun your PHP script and [edit] your question to include the new source code you have and the debug output you get now (looks something like `string(8) "whatever" string(...`.) – Progman Apr 19 '22 at 20:22

1 Answer

```php
$haslo = "qwerty123";
$haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT); // some hashed code generated for your password
$haslo_hash2 = password_hash($haslo, PASSWORD_DEFAULT); // some different hash code generated for your password

if ($haslo_hash1 == $haslo_hash2) { // it will never be true
    echo "Jest okej<br>";
    echo "$haslo_hash1<br>";
    echo $haslo_hash2;
} else {
    echo "to sa inne hasla po hashu<br>";
    echo "$haslo_hash1<br>";
    echo $haslo_hash2;
}
```

To verify, try it like this:

```php
$haslo = "qwerty123";
$haslo_hash1 = password_hash($haslo, PASSWORD_DEFAULT);

if (password_verify($haslo, $haslo_hash1)) {
    echo $haslo_hash1;
} else {
    echo 'error';
}
```

Same goes for $haslo_hash2

Tyler2P
Diksh
  • Okay, it works now, but why is it not working when I'm trying to log in and check if the password matches the password in the db? `$wiersz['pass']` is a reference to a column in the db. – Wojtek Apr 19 '22 at 12:27
  • If you are using password_verify, it should work. Must be some mistake in syntax. – Diksh Apr 19 '22 at 12:38
  • `if ($rezultat = @$polaczenie->query ( sprintf("SELECT * FROM uzytkownicy WHERE user='$s'", mysqli_real_escape_string($polaczenie, $login)) )) {` (Here is the code where I'm extracting data.) `$wiersz = $rezultat->fetch_assoc();` (Here I create the assoc table.) – Wojtek Apr 19 '22 at 13:18
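
An added example (not code from the question or the answer) of the full round trip discussed in this thread: two hashes of the same password differ because each carries its own random salt, yet both verify, and a stored hash that was cut short no longer verifies. It assumes the `pdo_sqlite` extension; the table layout, the `make_db`/`register`/`login` helpers, the `$columnWidth` parameter and the sample credentials are constructed for illustration, and the truncation case only simulates a password column narrower than the hash.

```php
<?php
// Added example: register/login with password_hash()/password_verify().
// Schema, helper names and credentials are constructed for illustration.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE uzytkownicy (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');
    return $db;
}

function register(PDO $db, string $user, string $password, ?int $columnWidth = null): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Hypothetical parameter: simulate a too-narrow column silently truncating the hash.
    if ($columnWidth !== null) {
        $hash = substr($hash, 0, $columnWidth);
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO uzytkownicy (user, pass) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT pass FROM uzytkownicy WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads algorithm, cost and salt from the stored hash itself,
    // so the submitted password is never re-hashed and compared with ==.
    return $row !== false && password_verify($password, $row['pass']);
}

$db = make_db();
register($db, 'ok_user', 'qwerty123');        // full hash stored
register($db, 'cut_user', 'qwerty123', 50);   // hash cut to 50 characters

$h1 = password_hash('qwerty123', PASSWORD_DEFAULT);
$h2 = password_hash('qwerty123', PASSWORD_DEFAULT);

var_dump($h1 === $h2);                           // same password, separate salts
var_dump(password_verify('qwerty123', $h1));     // first hash against the password
var_dump(password_verify('qwerty123', $h2));     // second hash against the password
var_dump(strlen($h1));                           // length the column must hold
var_dump(login($db, 'ok_user', 'qwerty123'));    // intact hash, right password
var_dump(login($db, 'ok_user', 'wrong'));        // intact hash, wrong password
var_dump(login($db, 'cut_user', 'qwerty123'));   // truncated hash, right password
```

`PASSWORD_DEFAULT` currently produces a 60-character bcrypt string, and the PHP manual recommends a column that can hold more (255 characters), since the default algorithm may change.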