Message:

I am working on making a login section for my project website using PHP, but for some reason, verify_password won't return true, even when I am giving the correct password. No idea what I am doing wrong here.

Here is the code that I use to add the user to the MySQL table:

$password= $_POST['password'];

$hash = password_hash('$password', PASSWORD_DEFAULT);



// I know this isn't inject proof

$res = $conn->prepare('INSERT INTO login (SSN, UserName, passhash) VALUES (:SSN, :UserName, :passhash)');

$res->bindValue(':SSN', $_POST['UserName']);

$res->bindValue(':UserName', $_POST['UserName']);

$res->bindValue(':passhash', $hash);

$res->execute();

It stores the hash in a varchar(60)
Here is the code that takes the password, and verifies it against the hash:

   $userName = $_POST['UserName'];

$password= $_POST['password'];



// I doubt this is inject proof

$res = $conn->prepare("select passhash from login where UserName='$userName'");

//$res->bindValue(':SSN', $_POST['UserName']);

//$res->bindValue(':UserName', $_POST['UserName']);

//$res->bindValue(':hash', $hash);

$res->execute();

$result = $res->fetch();



if(!empty($result) && password_verify($password, $result['passhash']))

What can I try next?

My Answer:
query("INSERT INTO users (username, password) VALUES ('$username', '$hash')");

John Davidson

mysql - PHP password_verify

Rate this post

Comments