
I have this password in the database:

$pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0

plaintext password is: testtest

How can I check if the password is correct?

In the past I could do this with:

crypt('testtest', '$pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0');

But this does not work after a server move. Does somebody have any idea?

ibu400
  • fyi, PHP has [password_hash](https://www.php.net/manual/en/function.password-hash.php) and [password_verify](https://www.php.net/manual/en/function.password-verify.php) – brombeer May 06 '22 at 09:48
  • Don't make up your own system - use what is provided already: [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – ADyson May 06 '22 at 09:51
  • P.S. We don't know what "does not work" actually means, either - do you get an error or something? And what does "server move" imply... did you change the version of PHP, perhaps? – ADyson May 06 '22 at 09:52
  • @ADyson - the password $pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0 is saved by a CRM system and I cannot change it. I would now like to check whether the password entered matches the one from the CRM. `$hash = '$pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0"'; if (password_verify('testtest', $hash)) { echo 'Password is valid!'; } else { echo 'Invalid password.'; }` always comes back invalid – ibu400 May 06 '22 at 10:29
  • What version of PHP are you using now? What version were you using on the old server? – ADyson May 06 '22 at 10:33
  • @ADyson old was 5.2, new has 5.6 – ibu400 May 06 '22 at 10:43
  • Ok, so password_verify won't work with anything which wasn't hashed using password_hash, so we can ignore that. If you can't have a scheme to reset them all and update the registration process etc. to switch to using it, then you'll have to work on the crypt version. – ADyson May 06 '22 at 10:51
  • Going back to crypt, what specifically is going wrong when you try to use that in 5.6? – ADyson May 06 '22 at 10:52
  • @ADyson crypt('testtest', '$pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0'); outputs only $pN9U4kJJtHuw – ibu400 May 06 '22 at 11:04
  • Ok. And what did you expect it to output? Unless I've made a mistake, under 5.2 it doesn't output anything at all - https://onlinephp.io/c/76029 – ADyson May 06 '22 at 11:08
  • @ADyson the query looks like this $pass = 'testtest'; $passdb = '$pbkdf2-sha256$25000$dsvza5WnPh0eldHhp59PiQ$1YUkXJIl6Ek5keGRauKIPmNiIQZEbqA.nD.bJrhtul0'; $passtest = crypt($pass, $passdb); if ($passtest == $passdb) { } – ibu400 May 06 '22 at 11:35
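
One way to check a hash in this format without crypt() or password_verify(), as an added example that is not part of the original thread. It assumes the stored string follows the passlib-style layout `$pbkdf2-sha256$<rounds>$<salt>$<checksum>`, with salt and checksum in base64 that uses `.` instead of `+` and has no padding (the thread does not say which library the CRM uses); the function names and the sample values are made up for the example.

```php
<?php
// Decode the assumed "adapted base64" fields ('.' for '+', no '=' padding).
// Returns false on malformed input.
function ab64_decode($s)
{
    $s = strtr($s, '.', '+');
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode($s, true);
}

// Hypothetical helper: true only if $password matches the stored string.
function pbkdf2_sha256_verify($password, $stored)
{
    $parts = explode('$', $stored);
    // Expected pieces: ['', 'pbkdf2-sha256', rounds, salt, checksum]
    if (count($parts) !== 5 || $parts[0] !== '' || $parts[1] !== 'pbkdf2-sha256') {
        return false;
    }
    if (!ctype_digit($parts[2]) || (int) $parts[2] < 1) {
        return false;
    }
    $salt = ab64_decode($parts[3]);
    $expected = ab64_decode($parts[4]);
    if ($salt === false || $expected === false || $expected === '') {
        return false;
    }
    // Derive raw bytes of the same length as the stored checksum (PHP 5.5+).
    $derived = hash_pbkdf2('sha256', $password, $salt, (int) $parts[2], strlen($expected), true);
    // Constant-time comparison (PHP 5.6+) rather than ==.
    return hash_equals($expected, $derived);
}

// Round trip with constructed values (not the CRM's data): build a string
// in the assumed layout, then verify a right and a wrong password.
$salt = 'constructed-salt';
$rounds = 1000;
$raw = hash_pbkdf2('sha256', 'example-password', $salt, $rounds, 32, true);
$enc = function ($b) { return rtrim(strtr(base64_encode($b), '+', '.'), '='); };
$stored = '$pbkdf2-sha256$' . $rounds . '$' . $enc($salt) . '$' . $enc($raw);

var_dump(pbkdf2_sha256_verify('example-password', $stored)); // correct password
var_dump(pbkdf2_sha256_verify('wrong-password', $stored));   // wrong password
```

crypt() has no `$pbkdf2-sha256$` scheme; the 13-character result beginning with `$p` quoted in the comments is consistent with it falling back to traditional DES with the first two characters as the salt, so the comparison against the stored string cannot succeed.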

0 Answers