Hi,
Seem to be having a problem with password_hash(), as it keeps changing the hash value of the same password. Why?
Each time I refresh the page, the $password_hashed value changes! Why? The $password is still the same, whose value is: '123'.
And password_verify($password,$db_password) always echoes '1' (TRUE). How so, since the $hashed_password value changes each time? Odd!
Try this code in your browser and see for yourself.
Refresh the page on each occasion and see what you get echoed!
echo 'password: ' .$password = '123'; echo '<br>';
echo 'password hashed: ' .$password_hashed = password_hash($password,PASSWORD_DEFAULT); echo '<br>';
//$db_password or database password is now the hash: $2y$10$cie0yEEiLdJkK3IDj8ABXO/vTMvR3F3twO2SVY1VC6D3zP1Fp/xPW
echo 'db password: ' .$db_password = '$2y$10$cie0yEEiLdJkK3IDj8ABXO/vTMvR3F3twO2SVY1VC6D3zP1Fp/xPW'; echo '<br>';
echo password_verify($password,$db_password); //echoes '1' (true).
I understand that the hash value changes each time due to the SALT changing each time on page refresh, but how will the password_verify() know which SALT to use on each occasion to decrypt the hash?
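
An added example, not part of the original post: it splits a bcrypt string into the variant, cost and salt stored inside it, then shows that re-hashing the candidate password with those stored settings reproduces the stored hash. `parse_bcrypt()` is a hypothetical helper, and `PASSWORD_BCRYPT` is pinned on the assumption that the stored hashes are bcrypt (`$2y$`), as in the post.

```php
<?php
// Added example, not from the original post.
// parse_bcrypt() is a hypothetical helper; PASSWORD_BCRYPT is pinned because
// PASSWORD_DEFAULT may map to another algorithm in a future PHP release.

// Split a bcrypt string into the fields stored inside it:
// $<variant>$<2-digit cost>$<22-char salt><31-char digest>
function parse_bcrypt(string $hash): ?array
{
    $re = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($re, $hash, $m)) {
        return null; // not a bcrypt string
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2],
            'salt' => $m[3], 'digest' => $m[4]];
}

$password = '123';

// The string from the post carries its own salt and cost.
$db_password = '$2y$10$cie0yEEiLdJkK3IDj8ABXO/vTMvR3F3twO2SVY1VC6D3zP1Fp/xPW';
print_r(parse_bcrypt($db_password));

// Two hashes of the same password: a fresh random salt each time.
$first  = password_hash($password, PASSWORD_BCRYPT);
$second = password_hash($password, PASSWORD_BCRYPT);
printf("salt 1: %s\nsalt 2: %s\n",
    parse_bcrypt($first)['salt'], parse_bcrypt($second)['salt']);

// Verification re-hashes the candidate with the variant, cost and salt read
// from the stored string, then compares in constant time. crypt() accepts
// the stored hash as its settings argument and does the same re-hash.
$recomputed = crypt($password, $first);
printf("same password reproduces stored hash: %s\n",
    var_export(hash_equals($first, $recomputed), true));
printf("wrong password reproduces stored hash: %s\n",
    var_export(hash_equals($first, crypt('124', $first)), true));

// password_verify() wraps those steps and is what production code should call.
printf("password_verify on first hash: %s\n",
    var_export(password_verify($password, $first), true));

// Stored hashes stay verifiable when the cost is raised later;
// password_needs_rehash() flags the ones to upgrade after a successful login.
printf("needs rehash at cost 12: %s\n",
    var_export(password_needs_rehash($first, PASSWORD_BCRYPT, ['cost' => 12]), true));
```

Store the whole string returned by password_hash() in one column (the PHP manual recommends allowing 255 characters), since the salt and cost travel inside it and no separate salt column is needed.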