I am trying to verify with PHP some passwords generated by Devise Ruby on Rails.
Devise was configured to use bcrypt.
My code is:
    $database_record = "$2a$10$..."; // generated by devise
    $user_input = 'asdasd';
    $password = crypt($user_input, '$2a$10$usesomesillystringforsalt$');
    if (crypt($user_input, $database_record) == $password) {
        echo "<br/>Password verified!";
    }
    else {
        echo '<br/>failed!';
    }
The documentation I saw uses this method, but it doesn’t work for me. Am I forgetting something?
Should the “pepper string” be used in any way?
Thanks!
I’m confused about this part.
I think you got confused by a later part of the documentation specifying how to create a hash and guarantee that it’s bcrypt. In your case, you’re verifying a hash so it will automatically do that.
What you want to do is skip that and do:
So if this works how I’d expect it to, crypt($user_input, $database_record) will take the salt from $database_record and use it to run bcrypt on $user_input. Then you want to compare the result to $database_record again since it’s the bcrypt hash of the correct password.
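The check the answer describes, written out as an added example (this is not code from either poster). It assumes the stored record is a standard bcrypt string of the form $2a$<cost>$<salt><hash> as produced by bcrypt-ruby, and that if Devise was configured with a pepper it was appended to the plaintext before hashing, which is what Devise does. The pepper value and the sample record below are constructed for the demonstration.

```php
<?php
// Added example, not from the original post: verifying a Devise bcrypt digest from PHP.
// Assumptions: $database_record is a "$2a$<cost>$<salt><hash>" string from bcrypt-ruby,
// and any Devise pepper was appended to the plaintext before hashing (Devise behaviour).

function devise_password_verify(string $user_input, string $database_record, string $pepper = ''): bool
{
    // Devise appends config.pepper to the plaintext before bcrypt runs,
    // so the same has to happen here or no input will ever verify.
    $secret = $user_input . $pepper;

    // password_verify() parses the cost and the 22-character salt out of the record,
    // re-hashes the candidate with them and compares in constant time.
    // It accepts the $2a$ prefix bcrypt-ruby produces as well as PHP's own $2y$.
    return password_verify($secret, $database_record);
}

// The same check spelled out with crypt(), the function the question used.
// The salt is never a separate constant: it is read from the stored record itself.
function devise_password_verify_crypt(string $user_input, string $database_record, string $pepper = ''): bool
{
    $computed = crypt($user_input . $pepper, $database_record);

    // On a malformed record crypt() returns a short "*0"/"*1" error string instead
    // of a hash; refusing anything that is not a full 60-character bcrypt string
    // prevents two error strings from comparing equal.
    if (strlen($computed) !== 60) {
        return false;
    }

    // Constant-time comparison instead of ==, which can short-circuit on the first
    // differing byte and is also subject to PHP's loose type juggling.
    return hash_equals($database_record, $computed);
}

// --- Constructed demonstration data ---
// Build a record the way Devise would have: cost 10, a random 22-character salt in
// bcrypt's ./A-Za-z0-9 alphabet, and a hypothetical pepper from the Devise initializer.
$pepper = 'example-pepper-from-devise-initializer'; // hypothetical value
$salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$database_record = crypt('asdasd' . $pepper, '$2a$10$' . $salt);

var_dump(devise_password_verify('asdasd', $database_record, $pepper));
var_dump(devise_password_verify('wrong', $database_record, $pepper));
var_dump(devise_password_verify('asdasd', $database_record)); // pepper omitted
var_dump(devise_password_verify_crypt('asdasd', $database_record, $pepper));
```

Run it with php from the command line. The third call shows why the pepper question matters: the correct password without the pepper fails exactly like a wrong password, because Devise hashed password-plus-pepper, not the password alone.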