Verify password hash

Home

4D v20 R7


Verify password hash ( password ; hash ) -> Function result

Parameter	Type	Description
password	String	The user's password. Only the first 72 characters are used.
hash	String	A password hash.
Function result	Boolean	Returns TRUE if the password and hash match, otherwise returns FALSE.

Description

The Verify password hash function verifies that the given hash matches the given password.

This function compares password to a hash generated by the Generate password hash function.

Error management

The following errors may be returned. You can review an error with the GET LAST ERROR STACK and ON ERR CALL commands.

Number	Message
850	Password-hash: Unsupported algorithm.
851	Password-hash: Consistency check failure.

Reminder: Only bcrypt algorithm is supported. If your hash was not generated using bcrypt, an error is returned.

Example

This example verifies a password hash previously created by Generate password hash and stored in a [Users] table with a newly entered password:

 C_TEXT($password)

 $password:=Request("Please enter your password")

 

 If(Verify password hash($password;[Users]hash))

    ALERT("Good password")

 Else

    ALERT("Password error")

 End if

Note: The password is never stored on disk, only the hash. Using a remote 4D application, the hash could be produced on the client side. If instead, you use a JavaScript (or similar) based front end, the best practice for security is to create the hash on the server side. Of course, you should use a TLS encrypted network connection for security, as this requires transferring the password over the network.