bcrypt in f3

foozzione

May 22, 2017, 7:09:44 PM
to f3-fra...@googlegroups.com
Hi all! I use this to crypt my passwords:
\Bcrypt::instance()->hash($password, \Base::instance()->get('salt'), 10);

and then I verify with:
\Bcrypt::instance()->verify($typing_password, $password_in_db);

but this function always answers "false". What am I doing wrong?

bcosca

May 23, 2017, 12:26:04 AM
to Fat-Free Framework
Storing a password in the database is a major security hole! Once you get the hash returned by Bcrypt, you verify the typed password against that hash.

Again, don't store passwords anywhere. Just forget about them and store hashes instead.

ved

May 25, 2017, 4:17:59 PM
to Fat-Free Framework
I'm not sure that's the problem he's having; he does appear to be storing just hashes in the database.

It's most likely some issue with the salt or another minor bug causing it to return false. 

Anyway, I would recommend that you stop using F3's bcrypt class (which has been marked for deprecation) and start using PHP's own password_hash and password_verify (PHP 5.5+).
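
Added example (not part of the thread and not Fat-Free Framework code): the password_hash / password_verify flow recommended in the last reply, with a check for a stored value that is not an intact 60-character bcrypt hash, which is one way a verify call can return false for every password. The function names, the sample password and the truncation and padding cases are assumptions constructed for illustration.

```php
<?php
// Added example; function names and the sample password are constructed.

const BCRYPT_OPTS = ['cost' => 10];

// Registration: password_hash() generates a random per-password salt itself,
// so no application-wide salt is passed in.
function make_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Login: returns ['ok' => bool, 'reason' => string, 'rehash' => string|null].
// 'reason' is meant for server-side logs, not for the login form.
function check_login(string $typed, string $stored): array
{
    // A bcrypt hash is exactly 60 characters. If the stored value is not a
    // recognisable hash (truncated by a short column, padded by a CHAR
    // column, or a plaintext password), verification can never succeed.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return ['ok' => false, 'reason' => 'stored value is not a valid hash', 'rehash' => null];
    }
    if (!password_verify($typed, $stored)) {
        return ['ok' => false, 'reason' => 'wrong password', 'rehash' => null];
    }
    // Upgrade old hashes transparently when the cost or algorithm changes.
    $rehash = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS)
        ? make_hash($typed) : null;
    return ['ok' => true, 'reason' => 'match', 'rehash' => $rehash];
}

$hash = make_hash('correct horse battery');   // constructed sample password
$cases = [
    'intact hash'           => $hash,
    'truncated to 50 chars' => substr($hash, 0, 50),
    'padded by CHAR(64)'    => str_pad($hash, 64),
];
foreach ($cases as $label => $stored) {
    $r = check_login('correct horse battery', $stored);
    printf("%-22s ok=%s (%s)\n", $label, var_export($r['ok'], true), $r['reason']);
}
```

The PHP manual recommends a 255-character column for password_hash output so that future algorithms fit without truncation.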