In PHP, what are the recommended methods for comparing a user-entered password with the hashed password stored in the database using password_verify()?
When comparing a user-entered password with the hashed password stored in the database, it is recommended to use the password_verify() function in PHP. This function compares a plain text password with a hashed password and returns true if they match, or false if they do not. This is a secure way to validate user passwords without having to manually decrypt the hashed password.
// Retrieve hashed password from the database
$hashed_password = $row['password']; // Assuming $row is the result from the database query
// User-entered password
$user_password = $_POST['password'];
// Compare user-entered password with hashed password
if (password_verify($user_password, $hashed_password)) {
// Passwords match
echo "Password is correct";
} else {
// Passwords do not match
echo "Invalid password";
}
Related Questions
- What are some strategies for optimizing PHP scripts to handle multiple page loads efficiently?
- What is the difference between a lookahead and lookbehind assertion in regular expressions, and how are they used in PHP?
- What potential issues can arise when incorporating a "token" field into a PHP database insertion query?