1<?php
2/*
3Currently the default password hashing method is using BCRYPT
4This may change in the future if vulnerabilities are found
5in BCRYPT
6
7Other options such as PASSWORD_BCRYPT and PASSWORD_ARGON2ID
8may be used instead of PASSWORD_DEFAULT
9*/
10$passwordHash = password_hash('password123', PASSWORD_DEFAULT);
11$passwordCandidate = 'password123'; // Password is correct here
12
13/*
14Check the password using password_verify
15password_verify() returns bool(true) if the password is correct
16If the password is not correct, it returns bool(false)
17*/
18if (password_Verify($passwordCandidate, $passwordHash)) {
19 echo 'Valid password!';
20} else {
21 echo 'Invalid password!';
22}
1
2<?php
3// See the password_hash() example to see where this came from.
4$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
5
6if (password_verify('rasmuslerdorf', $hash)) {
7 echo 'Password is valid!';
8} else {
9 echo 'Invalid password.';
10}
11?>
12
13
1
2<?php
3$hash = password_hash('rasmuslerdorf');
4// the password_hash function will encrypt the password into a 60 character string
5if (password_verify('rasmuslerdorf', $hash)) {
6 echo 'Password is valid!';
7} else {
8 echo 'Invalid password.';
9}
10?>
11// the only to decrypt is by using the password_verify() function
12
1$password = ;LULPassword342';
2$hashedPassword = 'dasasdfjkl;asdfiojadfasdasdfasdfsda23412342345@#!$df';//hash
3$passwordCheck = password_verify($password,$hashedPassword);