password_hash returns different value every time

php passwords hash php-password-hash

I'm making a login system, and I want to hash the passwords to make them more secure, but it returns a different hash every time, and can't even be verified using password_verify(), here is my code:

$password = password_hash($password4, PASSWORD_DEFAULT);

and here is my code for verifying:

if(password_verify($password4, $dbpassword))

Solution 1:

So let's take it one part at a time

but it returns a different hash every time

That's the idea. password_hash is designed to generate a random salt every time. This means you have to break each hash individually instead of guessing one salt used for everything and having a huge leg up.

There's no need to MD5 or do any other hashing. If you want to raise the security of password_hash you pass a higher cost (default cost is 10)

$password = password_hash($password4, PASSWORD_DEFAULT, ['cost' => 15]);

As to verify

if(password_verify($password4, $dbpassword))

So $password4 should be your unhashed password and $dbpassword should be the hash you've stored in your database

Related

Scala underscore minimal function
How can one import only variables and mixins from Sass stylesheets?
What happens if I call a JS method with more parameters than it is defined to accept?
jQuery select based on text
Fastest primality test
What is the simplest way to write to stdout in binary mode?
Pre-Populate HTML form file input
Split string into array without deleting delimiter?
Cannot convert value of type 'Meme!' to expected argument type '@noescape (Meme) throws -> Bool'
How do I write the escape char '\' to code
g++ does not show a 'unused' warning
Parsing numbers with a comma decimal separator in JavaScript