Verify password hash
Verify password hash ( password ; hash ) : Boolean
| Parameter | Type | Description | |
|---|---|---|---|
| password | Text | → | The user's password. Only the first 72 characters are used. |
| hash | Text | → | A password hash. |
| Function result | Boolean | ← | Returns TRUE if the password and hash match, otherwise returns FALSE. |
Description
The Verify password hash function verifies that the given hash matches the given password.
This function compares password to a hash generated by the Generate password hash function.
Error management
The following errors may be returned. You can review an error with the Last errors and ON ERR CALL commands.
| Number | Message |
|---|---|
| 850 | Password-hash: Unsupported algorithm. |
| 851 | Password-hash: Consistency check failure. |
Reminder: Only bcrypt algorithm is supported. If your hash was not generated using bcrypt, an error is returned.
Example
This example verifies a password hash previously created by Generate password hash and stored in a [Users] table with a newly entered password:
var $password : Text
$password:=Request("Please enter your password")
If(Verify password hash($password;[Users]hash))
ALERT("Good password")
Else
ALERT("Password error")
End if
Note: The password is never stored on disk, only the hash. Using a remote 4D application, the hash could be produced on the client side. If instead, you use a JavaScript (or similar) based front end, the best practice for security is to create the hash on the server side. Of course, you should use a TLS encrypted network connection for security, as this requires transferring the password over the network.
See also
Properties
| Command number | 1534 |
| Thread safe | ✓ |