php password_hash and password_verify issues no match
I am trying out a new function from PHP 5.5 called password_hash().
No matter what i do the $hash and the $password wont match.
$password = "test";
$hash = "$2y$10$fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e";
if (password_verify($password, $hash)) {
echo "Success";
}
else {
echo "Error";
}
Answer
The problem with your code is that you are using the double quotation marks " instead of the single quotation marks ' when dealing with your hash.
When assigning:
$hash = "$2y$10$fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e";
It's making php think you have a variable called $2y and another one called $10 and finally a third one called $fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e. Which obviously isn't the case.
I noticed when turning on error reporting that the error:
Notice: Undefined variable: fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e
Was being thrown by PHP.
Replace all your double quote marks with single quote marks to fix.
E.g
$hash = '$2y$10$fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e';
Treats the whole hash as a literal string instead of a string with embedded variables.