<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.password-verify" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>password_verify</refname>
<refpurpose>Verifies that a password matches a hash</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>bool</type><methodname>password_verify</methodname>
<methodparam><modifier role="attribute">#[\SensitiveParameter]</modifier><type>string</type><parameter>password</parameter></methodparam>
<methodparam><type>string</type><parameter>hash</parameter></methodparam>
</methodsynopsis>
<para>
Verifies that the given hash matches the given password.
<function>password_verify</function> is compatible with <function>crypt</function>.
Therefore, password hashes created by <function>crypt</function> can be used with
<function>password_verify</function>.
</para>
<para>
Note that <function>password_hash</function> returns the algorithm, cost and salt
as part of the returned hash. Therefore, all information that's needed to verify
the hash is included in it. This allows the verify function to verify the hash
without needing separate storage for the salt or algorithm information.
</para>
<para>
This function is safe against timing attacks.
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<variablelist>
<varlistentry>
<term><parameter>password</parameter></term>
<listitem>
<para>
&password.parameter.password;
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>hash</parameter></term>
<listitem>
<para>
&password.parameter.hash;
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns &true; if the password and hash match, or &false; otherwise.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>password_verify</function> example</title>
<para>
This is a simplified example; it is recommended to rehash a correct password
if necessary; see <function>password_needs_rehash</function> for an example.
</para>
<programlisting role="php">
<![CDATA[
<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
]]>
</programlisting>
&example.outputs;
<screen>
<![CDATA[
Password is valid!
]]>
</screen>
</example>
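<example>
<title>Login check with hash upgrade and unknown-user handling (added example)</title>
<para>
This example is added here and is not part of the original manual page. It
shows <function>password_verify</function> reading the algorithm and cost from
the stored hash, a rehash once the password is known to be correct, and a
placeholder hash so that unknown usernames also cost one verification. The
<literal>$users</literal> array, <literal>$dummyHash</literal> and
<literal>login()</literal> are hypothetical names; the user store is constructed in memory.
</para>
<programlisting role="php">
<![CDATA[
```php
<?php
// Constructed in-memory user store (hypothetical); a real application would
// read and write the hash column of its user table instead.
$users = [
    // Deliberately created with a low cost so the upgrade path is exercised.
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
];

// Hash of a random value. It is verified when the account does not exist, so
// a request for an unknown username still performs one hash computation.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

function login(array &$users, string $dummyHash, string $name, string $password): bool
{
    $known = array_key_exists($name, $users);
    $hash = $known ? $users[$name] : $dummyHash;

    // Algorithm, cost and salt are taken from $hash itself; nothing else is stored.
    $ok = password_verify($password, $hash);
    if (!$known || !$ok) {
        return false;
    }

    // The plain-text password is only available at this point, so this is
    // where an outdated hash can be replaced.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$costBefore = password_get_info($users['alice'])['options']['cost'];

var_dump(login($users, $dummyHash, 'alice', 'wrong password'));
var_dump(login($users, $dummyHash, 'mallory', 'correct horse'));
var_dump(login($users, $dummyHash, 'alice', 'correct horse'));

$costAfter = password_get_info($users['alice'])['options']['cost'];
echo "cost before: $costBefore, cost after: $costAfter\n";

// The upgraded hash still verifies the same password.
var_dump(password_verify('correct horse', $users['alice']));
?>
```
]]>
</programlisting>
</example>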
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>password_needs_rehash</function></member>
<member><function>password_hash</function></member>
<member><link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="&url.password.compat;">userland implementation</link></member>
<member><function>sodium_crypto_pwhash_str_verify</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->