Skip to main content
Version: 20 R7 BETA

Verify password hash

Verify password hash ( password ; hash ) -> Function result

ParameterTypeDescription
passwordTextThe user's password. Only the first 72 characters are used.
hashTextA password hash.
Function resultBooleanReturns TRUE if the password and hash match, otherwise returns FALSE.

Description

The Verify password hash function verifies that the given hash matches the given password.

This function compares password to a hash generated by the Generate password hash function.

Error management

The following errors may be returned. You can review an error with the Last errors and ON ERR CALL commands.

NumberMessage
850Password-hash: Unsupported algorithm.
851Password-hash: Consistency check failure.

Reminder: Only bcrypt algorithm is supported. If your hash was not generated using bcrypt, an error is returned.

Example

This example verifies a password hash previously created by Generate password hash and stored in a [Users] table with a newly entered password:

 var $password : Text
 $password:=Request("Please enter your password")
 
 If(Verify password hash($password;[Users]hash))
    ALERT("Good password")
 Else
    ALERT("Password error")
 End if

Note: The password is never stored on disk, only the hash. Using a remote 4D application, the hash could be produced on the client side. If instead, you use a JavaScript (or similar) based front end, the best practice for security is to create the hash on the server side. Of course, you should use a TLS encrypted network connection for security, as this requires transferring the password over the network.

See also

Generate password hash