John Davidson

mysql - PHP password_verify


I am working on making a login section for my project website using PHP, but for some reason, verify_password won't return true, even when I am giving the correct password. No idea what I am doing wrong here.

Here is the code that I use to add the user to the MySQL table:

$password= $_POST['password'];
$hash = password_hash('$password', PASSWORD_DEFAULT);

// I know this isn't inject proof
$res = $conn->prepare('INSERT INTO login (SSN, UserName, passhash) VALUES (:SSN, :UserName, :passhash)');
$res->bindValue(':SSN', $_POST['UserName']);
$res->bindValue(':UserName', $_POST['UserName']);
$res->bindValue(':passhash', $hash);

It stores the hash in a varchar(60)
Here is the code that takes the password, and verifies it against the hash:

   $userName = $_POST['UserName'];
$password= $_POST['password'];

// I doubt this is inject proof
$res = $conn->prepare("select passhash from login where UserName='$userName'");
//$res->bindValue(':SSN', $_POST['UserName']);
//$res->bindValue(':UserName', $_POST['UserName']);
//$res->bindValue(':hash', $hash);
$result = $res->fetch();

if(!empty($result) && password_verify($password, $result['passhash']))

What can I try next?

My Answer:
query("INSERT INTO users (username, password) VALUES ('$username', '$hash')");

Rate this post

5 of 5 based on 9692 votes


© 2024 - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us