Answer the question
In order to leave comments, you need to log in
How to compare password with old md5?
I ran into a problem that the password comparison does not want to give true, although I know for sure that they are the same.
md5, because my task is to save the database with users, and the site was made 5 years ago and it needs to be updated and other features added ..
Here is the code:
if(password_verify($data['password'], $row['pass'])) {
//row - это то что я достал с дб(пароль).
$_SESSION['logged_user'] = $user;
header("Location: cabinet/index.php");
}
else {
echo "не получилось";
}
Answer the question
In order to leave comments, you need to log in
If you have a password md5 hash stored in the database (which is not recommended ), then compare passwords using the md5 function https://www.php.net/manual/en/function.md5.php
For example, you can store several types of hashes - old md5 and new ones obtained by the password_hash function.
And in the code itself, check if the hash starts with $ - then this is a new hash, check it through password_verify, and if not, then this is the old hash, check it like this:
if (hash_equals(md5($password), $hash))
Well, in the event that the hash of the old format is suitable, then not only let the user in, but also generate a new hash from the password entered by him with the password_hash function and save it to the database so that over time the old hashes are replaced by new ones.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question