Sorcerer's IsleDocs cfPassphraseOverviewCode



Checks whether the passphrase provided will produce the hash provided, according to the original algorithm and parameters. (These details are encoded within the hash.)

The hashes can be created with the PassphraseHash function, or by any other source which has used one of the supported algorithms.


A boolean. True if the passphrase passes, false otherwise.

Function syntax

PassphraseCheck( Passphrase , Hash [, Algorithm ])


Name Type Default Description
Passphrase String Required The text to be checked against the hash.
Hash String Required A hash in the format of a supported algorithm.
Algorithm String Optional If unspecified, the algorithm is auto-detected from the hash.


A simplified example showing how PassphraseCheck might be used for logging in:

<cfquery name="UserQuery" datasource="UserAuth">
    SELECT Id , Hash
    FROM User
    WHERE Username = <cfqueryparam value="#Form.Username#" />

<cfif PassphraseCheck( Form.Passphrase , UserQuery.Hash )>
    <cfset User.login(UserQuery.Id) />
    <cfset User.logFailedLoginAttempt(UserQuery.Id) />
    <cfset Errors.append("Incorrect authentication details.") />