Version: v0.6.1 - Beta.  We welcome contributors & feedback.  THanks!

Password.match

match(correctPasswordHash)

Description

Returns true if the password is identical to correctPasswordHash.

SecurityThis uses PHP's password_verify function to protect against timing attacks. Never compare passwords with ==. Use this method instead.

// Get correct password from database
$query = sql'''
    select password from user where userId = {}
''';
$query.fill(Session.get('userId'));
$user = Db.getRow($query);
$correctPassword = $user.password;

// Check if password attempt is correct
$tryPassword = Input.post('password');
if $tryPassword.match($correctPassword) {
    // log in...
}

See Also