0

I have Moodle 2.7. Users logins and passwords hashes is stored in mdl_user table. I want to create external script that can check - if login and password are correct.

As i see - this moodle version use some function php like password_hash() to generate password hash.

My php version is 5.4 so i can't use this function. So i use this library https://github.com/ircmaxell/password_compat with this code 

$password_hash = password_hash( $password , PASSWORD_DEFAULT, array());

The problem is that hash is different each time i calculate it. So i cant compare this hash to string that is placed in mdl_user table.

moonvader
  • 19,761
  • 18
  • 67
  • 116

1 Answers1

2

If this function is similar to that of the password_hash() native to PHP, the salt is generated along with the hash, and the salt is randomized. Because of this, comparing the results of 2 separate calls of password_hash() are not going to match.

The function you're looking for password_verify(), which takes the inputted password and the hash on the database. If this returns true, then the passwords match.

Robert Calove
  • 449
  • 2
  • 9