GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Tech User authentification / login issue (password hash)

k0nr4d · 07-03-2022, 08:59 AM

His issue is very simple - he's using BCRYPT, which generates a different hash for the same string each time it's run. You can literally run it on the same password 100 times and get 100 different hashes. As such, you can't compare strings like you could with a normal salted MD5 or something.

You have to use this:
https://www.php.net/manual/en/functi...ord-verify.php

Code:

if(password_verify($_POST['password'], $password)) {

07-03-2022, 08:59 AM
k0nr4d Confirmed User Industry Role: Join Date: Aug 2006 Location: Poland Posts: 9,228	His issue is very simple - he's using BCRYPT, which generates a different hash for the same string each time it's run. You can literally run it on the same password 100 times and get 100 different hashes. As such, you can't compare strings like you could with a normal salted MD5 or something. You have to use this: https://www.php.net/manual/en/functi...ord-verify.php Code: if(password_verify($_POST['password'], $password)) { __________________ Mechanical Bunny Media Mechbunny Tube Script \| Mechbunny Webcam Aggregator Script \| Custom Web Development