How to Verify Passwords with password_verify() in PHP

In this lesson I will show you how to use password_verify() to validate a password from a user.

Consider the situation when a user password has been hashed (see this lesson) and stored in a database, and the user visits the site and enters their password as part of a login process.  We need to check the password the user has entered against the stored password.

In the previous lesson we saw that the plain text and hashed password details were:

The plain text password is: qwerty12345
The hashed password is: $2y$10$dIfNyWIKwcjGDZDJ/Fls5.r8Z4WXcsOfiQ7NFfn8adFhmjW3QJB9S

To check the user input against the hashed password we use the password_verify() function as follows:

<?php

$userInput = "qwerty12345";

$storedHashedPassword = '$2y$10$dIfNyWIKwcjGDZDJ/Fls5.r8Z4WXcsOfiQ7NFfn8adFhmjW3QJB9S';

if (password_verify($storedHashedPassword, $userInput)) {
    echo 'Password is valid.';
} else {
    echo 'Password is invalid.';
}

Line 3: this variable is simply acting as the user input

Line 5: this would be the stored hashed password

Line 7: we use password_verify to validate the input against the stored password

If you would like to learn more about using PHP then enrol in the PHP for Beginners course.

Want to Learn More?

Become a member and get access to the member only area of this site.

LEARN MORE

Comments

Your email address will not be published.

PHP for Beginners

Would you like lifetime access to the hugely successful PHP for Beginners course? Click here to find out how.

FREE Code Snippets

FREE hints and tips delivered direct to you once per month.