I'm having a seeming spontaneous problem. Suddenly my password_verify()
function is returning false.
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$sql1 =
"SELECT `merchants_id`, `password`, `name` FROM table_name WHERE `email` = :email;";
$binds = array(
'email' => $email
);
$findvalue = Mage::getSingleton('core/resource')->getConnection('core_read')->fetchAll($sql1, $binds);
$findvalue = $findvalue[0];
$verified = password_verify($password, $findvalue['password']);
?>
As you may be able to see, I'm using Magento (Fully patched 1.7) and their methods to execute the query.
If I parse it through password_get_info($findvalue['password'])
it picks up that the password is valid and outputs the expected data (encryption type etc) however $verified
returns FALSE
The database field is set, and has always been set, to varchar(255)
.
EDIT---
This is the code that was used to create the passwords:
$hash = password_hash($value['password'], PASSWORD_BCRYPT);
$updateSql = 'UPDATE table_name SET `password` = :password WHERE `merchants_id` = :merchant_id;';
$updateBinds = array(
'password' => $hash,
'merchant_id' => $value['merchants_id']
);
$cxn->query($updateSql, $updateBinds);
Also, as requested here is a password string: $2y$10$TfTULzD9eVUEdjaquhcUmOhGD07X5VV3MloCpjaOmpt3GqOBpEhmm
I reset my password and it all worked.
I have a suspicion that it may be because I upgraded my PHP version to 5.6 meaning the algorithm may have changed.