<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Verifies that a password matches a hash</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.password-needs-rehash.html">password_needs_rehash</a></div> <div class="next" style="text-align: right; float: right;"><a href="refs.database.html">Database Extensions</a></div> <div class="up"><a href="ref.password.html">Password Hashing Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.password-verify" class="refentry"> <div class="refnamediv"> <h1 class="refname">password_verify</h1> <p class="verinfo">(PHP 5 >= 5.5.0)</p><p class="refpurpose"><span class="refname">password_verify</span> — <span class="dc-title">Verifies that a password matches a hash</span></p> </div> <div class="refsect1 description" id="refsect1-function.password-verify-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">boolean</span> <span class="methodname"><strong>password_verify</strong></span> ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$password</code></span> , <span class="methodparam"><span class="type">string</span> <code class="parameter">$hash</code></span> )</div> <p class="para rdfs-comment"> Verifies that the given hash matches the given password. </p> <p class="para"> Note that <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span> returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information. </p> </div> <div class="refsect1 parameters" id="refsect1-function.password-verify-parameters"> <h3 class="title">Parameters</h3> <dl> <dt> <span class="term"><em><code class="parameter">password</code></em></span> <dd> <p class="para"> The user's password. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">hash</code></em></span> <dd> <p class="para"> A hash created by <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span>. </p> </dd> </dt> </dl> </div> <div class="refsect1 returnvalues" id="refsect1-function.password-verify-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns <strong><code>TRUE</code></strong> if the password and hash match, or <strong><code>FALSE</code></strong> otherwise. </p> </div> <div class="refsect1 examples" id="refsect1-function.password-verify-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-876"> <p><strong>Example #1 <span class="function"><strong>password_verify()</strong></span> example</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #FF8000">// See the password_hash() example to see where this came from.<br /></span><span style="color: #0000BB">$hash </span><span style="color: #007700">= </span><span style="color: #DD0000">'$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'</span><span style="color: #007700">;<br /><br />if (</span><span style="color: #0000BB">password_verify</span><span style="color: #007700">(</span><span style="color: #DD0000">'rasmuslerdorf'</span><span style="color: #007700">, </span><span style="color: #0000BB">$hash</span><span style="color: #007700">)) {<br /> echo </span><span style="color: #DD0000">'Password is valid!'</span><span style="color: #007700">;<br />} else {<br /> echo </span><span style="color: #DD0000">'Invalid password.'</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> <div class="example-contents"><p>The above example will output:</p></div> <div class="example-contents screen"> <div class="cdata"><pre> Password is valid! </pre></div> </div> </div> </p> </div> <div class="refsect1 seealso" id="refsect1-function.password-verify-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.password-hash.html" class="function" rel="rdfs-seeAlso">password_hash()</a> - Creates a password hash</span></li> <li class="member"><a href="https://github.com/ircmaxell/password_compat" class="link external">» userland implementation</a></li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.password-needs-rehash.html">password_needs_rehash</a></div> <div class="next" style="text-align: right; float: right;"><a href="refs.database.html">Database Extensions</a></div> <div class="up"><a href="ref.password.html">Password Hashing Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>