Saturday, June 1, 2019

PHP password_hash() creates different hashes at different times

I am creating a website with a user login system. For the authentication I use PHP password_hash() and password_verify().

In my code for the passwordRecovery I found an error. I am creating a random password and saving this with password_hash() to the database. I also send the user an email with the unhashed new password. But the authentication is not working.

At the end of the script I also printed the password and the hashed password, and the printed hashed password and the hashed password in the database are different.

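// Alphabet for the generated password
$zeichen = '0123456789abcdefghijklmnopqrstuvwxyz';
$newPassword = '';
$anz = strlen($zeichen);
for ($i = 0; $i < 16; $i++) {
  // random_int() draws from the system CSPRNG; rand() is predictable and unsuitable for passwords
  $newPassword .= $zeichen[random_int(0, $anz - 1)];
}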

... (some other code) ...

$sql = "UPDATE user SET password = :password WHERE email = :email";

$para = array(
  'password' => password_hash($newPassword, PASSWORD_DEFAULT),
  'email' => $email
);

DATABASE->SEND_FUNCTION(); //not a real function

... (some other code) ...

// Print the plaintext password, then hash it a second time and print that result
echo $newPassword;
echo password_hash($newPassword, PASSWORD_DEFAULT);

As you can see, I create a new password first and then save it hashed to the database. At the end I echo both forms of the password. echo $newPassword gives me the same string I can see in my "New Password" email. But echo password_hash($newPassword, PASSWORD_DEFAULT); shows me a different string than I can see in my database.

Thank you guys for your help in advance. I'm pretty lost.
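
Added example, not part of the original post: password_hash() draws a fresh random salt on every call, so two hashes of the same password never match as strings, and the stored hash has to be checked with password_verify() instead. The in-memory $users array, the function names and the email address are assumptions standing in for the poster's database code.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: 16 characters from the poster's alphabet, drawn from a CSPRNG.
function generateTemporaryPassword(int $length = 16): string
{
    $zeichen = '0123456789abcdefghijklmnopqrstuvwxyz';
    $newPassword = '';
    for ($i = 0; $i < $length; $i++) {
        $newPassword .= $zeichen[random_int(0, strlen($zeichen) - 1)];
    }
    return $newPassword;
}

// Hypothetical recovery step: hash once, store that exact string,
// and return the plaintext that goes into the email.
function resetPassword(array &$users, string $email): string
{
    $newPassword = generateTemporaryPassword();
    $users[$email] = password_hash($newPassword, PASSWORD_DEFAULT);
    return $newPassword;
}

// Hypothetical login check: password_verify() reads the algorithm, cost
// and salt back out of the stored hash before comparing.
function login(array $users, string $email, string $password): bool
{
    return isset($users[$email]) && password_verify($password, $users[$email]);
}

// Constructed stand-in for the user table (email => stored hash).
$users = [];
$plain = resetPassword($users, 'user@example.com');

// Hashing the same password again uses a new salt, so comparing the two
// hash strings says nothing about whether the password is correct.
$rehashed = password_hash($plain, PASSWORD_DEFAULT);

echo 'hash strings identical:  ',
    var_export(hash_equals($users['user@example.com'], $rehashed), true), PHP_EOL;
echo 'stored hash verifies:    ',
    var_export(login($users, 'user@example.com', $plain), true), PHP_EOL;
echo 'second hash verifies:    ',
    var_export(password_verify($plain, $rehashed), true), PHP_EOL;
echo 'wrong password accepted: ',
    var_export(login($users, 'user@example.com', $plain . 'x'), true), PHP_EOL;
```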



