4D v20.1

Verify password hash

Home

 
Home
4D v20.1
4D Language Reference
Tools
Verify password hash

Verify password hash 


 

Verify password hash ( password ; hash ) -> Function result 
Parameter Type   Description
password  String in The user's password. Only the first 72 characters are used.
hash  String in A password hash.
Function result  Boolean in Returns TRUE if the password and hash match, otherwise returns FALSE.

The Verify password hash function verifies that the given hash matches the given password.

This function compares password to a hash generated by the Generate password hash function.

The following errors may be returned. You can review an error with the GET LAST ERROR STACK and ON ERR CALL commands.
 

NumberMessage
850Password-hash: Unsupported algorithm.
851Password-hash: Consistency check failure.

Reminder: Only bcrypt algorithm is supported. If your hash was not generated using bcrypt, an error is returned. 

Example  

This example verifies a password hash previously created by Generate password hash and stored in a [Users] table with a newly entered password:

 C_TEXT($password)
 $password:=Request("Please enter your password")
 
 If(Verify password hash($password;[Users]hash))
    ALERT("Good password")
 Else
    ALERT("Password error")
 End if

Note: The password is never stored on disk, only the hash. Using a remote 4D application, the hash could be produced on the client side. If instead, you use a JavaScript (or similar) based front end, the best practice for security is to create the hash on the server side. Of course, you should use a TLS encrypted network connection for security, as this requires transferring the password over the network.



See also 


Generate password hash

Previous page
Next page

 
PROPERTIES 

Product: 4D
Theme: Tools
Number: 1534

This command can be run in preemptive processes

 
HISTORY 

Created: 4D v16 R5

 
ARTICLE USAGE

4D Language Reference ( 4D v20)
4D Language Reference ( 4D v20.1)