Version: Next

Verify password hash

Verify password hash ( password ; hash ) -> Function result

| Parameter | Type | | Description |
|---|---|---|---|
| password | String | 🡒 | The user's password. Only the first 72 characters are used. |
| hash | String | 🡒 | A password hash. |
| Function result | Boolean | 🡐 | Returns TRUE if the password and hash match, otherwise returns FALSE. |

Description

The Verify password hash function verifies that the given hash matches the given password.

This function compares password to a hash generated by the Generate password hash function.

Error management

The following errors may be returned. You can review an error with the GET LAST ERROR STACK and ON ERR CALL commands.

| Number | Message |
|---|---|
| 850 | Password-hash: Unsupported algorithm. |
| 851 | Password-hash: Consistency check failure. |

Reminder: Only the bcrypt algorithm is supported. If your hash was not generated using bcrypt, an error is returned.
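Stored values that are not bcrypt hashes can be found ahead of time by screening an export of the hash column, so that they do not first surface as errors at login. The script below is an added example, not 4D code and not part of the 4D documentation. It assumes the standard 60-character bcrypt string layout (`$2a$`/`$2b$`/`$2y$` prefix, two-digit cost, 53 characters of salt and digest); the minimum cost of 10 and the sample rows are constructed for illustration.

```python
import re

# Standard bcrypt layout: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")


def classify_hash(stored):
    """Return (status, cost) for one stored hash string."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        # A bcrypt prefix with a damaged body usually means truncation
        # (for example, a column that is too short), not another scheme.
        if stored.startswith("$2"):
            return ("malformed-bcrypt", None)
        return ("not-bcrypt", None)
    cost = int(m.group(1))
    if not 4 <= cost <= 31:  # valid bcrypt cost range
        return ("malformed-bcrypt", None)
    return ("bcrypt", cost)


def audit(rows, min_cost=10):
    """rows: iterable of (user, stored_hash). Return entries needing action.

    min_cost is an assumed policy threshold, not a value from the page.
    """
    findings = []
    for user, stored in rows:
        status, cost = classify_hash(stored.strip())
        if status != "bcrypt":
            findings.append((user, status))
        elif cost < min_cost:
            findings.append((user, f"weak-cost-{cost}"))
    return findings


# Constructed sample rows: placeholder strings with the right shape, not real hashes.
SAMPLE_ROWS = [
    ("alice", "$2y$10$" + "A" * 53),  # well-formed bcrypt, cost 10
    ("bob", "0" * 32),                # 32 hex chars, e.g. a legacy digest
    ("carol", "$2y$10$" + "B" * 40),  # bcrypt prefix, truncated body
    ("dave", "$2a$04$" + "C" * 53),   # well-formed, but minimum cost
]

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_ROWS):
        print(f"{user}: {issue}")
```

Accounts flagged `not-bcrypt` or `malformed-bcrypt` need a password reset or re-hash, because their stored value cannot be verified as bcrypt.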

Example

This example verifies a newly entered password against a password hash previously created by Generate password hash and stored in a [Users] table:

 var $password : Text
 $password:=Request("Please enter your password")
 
 If(Verify password hash($password;[Users]hash))
    ALERT("Good password")
 Else
    ALERT("Password error")
 End if

Note: The password is never stored on disk, only the hash. With a remote 4D application, the hash could be produced on the client side. If you instead use a JavaScript-based (or similar) front end, the best practice for security is to create the hash on the server side. Because this requires transferring the password over the network, you should of course use a TLS-encrypted network connection.

See also

Generate password hash