I read the php.net manual about the crypt() function. And here is my code:
#code.....
#we retrieve the existing salt and password hash from the database
$salt=$saltquery['salt'];
#$ex_password - existing (stored) password hash
$ex_password=$saltquery['pass'];
#$pass was defined earlier; that's the user input
$password_hash=crypt($pass, '$2a$07$'.$salt);
if (crypt($password_hash, $ex_password)==$ex_password) {
#everything is ok
} else {
#username/password combination doesn't exist
$msgText = "Oops! Check your username and password";
$pass=NULL;
}
I still get the error 'Oops! Check your username and password'. I checked the database and the output from $password_hash, and they match.
Maybe it’s better to code like this:
#.....
if ($password_hash==$ex_password){}
#.....
You must pass the user input to the crypt function when checking passwords (see the crypt docs). You are currently calculating a new (different) password hash and comparing it with the one that's stored.
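To make the difference concrete, here is an added example (not the asker's or answerer's code) that puts the failing check from the question next to the correct one. The salt and password are constructed sample values; cost 07 is kept from the question, and `hash_equals()` is used for the comparison.

```php
<?php
// Added example: why the check in the question always fails, and how to
// verify a bcrypt password with crypt() correctly.
// Constructed sample values (a real salt is random, 22 chars from ./0-9A-Za-z).
$salt = 'abcdefghijklmnopqrstuv';
$stored_hash = crypt('correct horse', '$2a$07$' . $salt); // what the DB holds

function check_wrong(string $input, string $salt, string $stored_hash): bool {
    // Mirrors the question: hash the input, then feed THAT hash string into
    // crypt() again with the stored hash as the salt. The second crypt() hashes
    // the 60-character hash string, not the user's password, so it can never
    // reproduce $stored_hash and the login always fails.
    $password_hash = crypt($input, '$2a$07$' . $salt);
    return crypt($password_hash, $stored_hash) == $stored_hash;
}

function check_right(string $input, string $stored_hash): bool {
    // The stored hash already carries the algorithm id, cost and salt, so
    // crypt() only needs the raw user input plus the stored hash. hash_equals()
    // compares in constant time, so timing does not reveal where the strings
    // first differ. (Cost 07 is low; use a higher cost in production.)
    return hash_equals($stored_hash, crypt($input, $stored_hash));
}

var_dump(check_wrong('correct horse', $salt, $stored_hash));
var_dump(check_right('correct horse', $stored_hash));
var_dump(check_right('wrong password', $stored_hash));
```

On PHP 5.5 and later, `password_hash()` and `password_verify()` wrap exactly this pattern (random salt generation included) and are the simpler choice.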