In my PHP file I have 3 variables: one that holds the clear password, one that holds the clear password after being reversed from the ROT13 encryption, and a last variable that contains the hashed password.
<?php
$clearpwd = $_POST['var1']; //something
$reversedpwd = str_rot13($_POST['var2']); //something that was reversed now and stored as something now not in rot13 form
$hashedpwd = '$2y$10$4sIma.5gA9sqoXckMG.Fru/hRxvV6nrodiI/24wvu.qp1jpLG1gU2';
//a hash given by password_hash(something, PASSWORD_DEFAULT); note that the hash is already generated and not regenerated each time you execute the php so it's static.
echo password_verify($clearpwd, $hashedpwd); //returns 1
echo password_verify($reversedpwd, $hashedpwd); //returns nothing
?>
So when I execute password_verify at the end, both clearpwd and reversedpwd hold the exact same text ('something' in this example), but only with clearpwd do I get 1.
Any idea why the algorithm doesn't like to match a text that was previously ROT13 coded and then decoded to get the original string ('something')?
Other info: I'm using PHP version 7.4 with Softaculous AMPPS. The ROT13 coded variable comes from an input that has been encrypted with ROT13 by a PHP function before it got sent over to this other PHP file to interpret it and verify it.
CodePudding user response:
$clearpwd and $reversedpwd are not the same.
Try comparing them with var_dump($clearpwd === $reversedpwd).
Perhaps there are some spaces around the text in the strings? Try trim($reversedpwd).
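One way to carry out the byte-level comparison suggested in the answer, as an added example that is not part of the original thread. The hash is generated at runtime, `describe()` is a hypothetical helper, and the trailing newline on the received value is a constructed assumption about what the two strings could differ by.

```php
<?php
// Constructed sample data: the hash is generated here, not taken from the page.
$hash = password_hash('something', PASSWORD_DEFAULT);

// Hypothetical helper: print the length and raw bytes of a string so that
// invisible characters (spaces, CR/LF, stray encoding) become visible.
function describe(string $label, string $s): void
{
    printf("%-10s len=%2d hex=%s\n", $label, strlen($s), bin2hex($s));
}

// ROT13 rotates ASCII letters only and is its own inverse, so a clean
// round trip gives back exactly the original bytes.
$clear     = 'something';
$roundTrip = str_rot13(str_rot13($clear));
describe('clear', $clear);
describe('roundTrip', $roundTrip);
var_dump($clear === $roundTrip);
var_dump(password_verify($roundTrip, $hash));

// Constructed case: the ROT13 value picked up a trailing newline on its way
// to the verifying script. ROT13 leaves the newline untouched, so the decoded
// string looks identical when echoed but is one byte longer.
$received = str_rot13($clear) . "\n";
$decoded  = str_rot13($received);
describe('decoded', $decoded);
var_dump($clear === $decoded);

// password_verify() returns a bool. echo renders false as an empty string,
// which is why a failed check appears to "return nothing"; var_dump shows it.
var_dump(password_verify($decoded, $hash));

// Diagnostic only: stripping surrounding whitespace restores the match,
// which confirms the difference was in the transported bytes, not in ROT13.
var_dump(password_verify(trim($decoded), $hash));
```

If the hex dumps of the two real inputs differ, the fix belongs wherever the extra bytes are introduced (the form, the sending script, or the encoding step) rather than in password_verify.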