CODEWITHSUNDEEP
php
bthe0
bthe0

Reputation: 1424

password_verify doesn't return true whatever I'd do

No matter what I am doing I only get the password or username is incorrect string.What's going wrong?I had tried to run php's website example and it was working,so what am I doing wrong? Here's the code guys:

<?php

include __DIR__.'/includes/database.php';


class Login{

    public function validateCredentials($username, $password){
        global $mysqli;
        $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
        $result = $mysqli->query($query);
        $row = $result->fetch_array(MYSQLI_NUM);
        if(password_verify($row['0'],$password)){return true;} 
        return false;

    }
}

$object = new Login();

if(isset($_POST['username'])&&isset($_POST['password'])) 
{  
    if($object->validateCredentials($_POST['username'],$_POST['password']))
    {
        echo 'Logged in!';
    }
    else
    {
        echo 'Password or username incorrect!';
    }
}
else
{ 
    echo 'Username or password not entered!';
}
?>

Upvotes: 0

Views: 129

Answers (2)

Zerquix18
Zerquix18

Reputation: 769

Try this... 

<?php

    include __DIR__.'/includes/database.php';


    class Login{

        public function validateCredentials($username, $password){
            global $mysqli;
            $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
            $result = $mysqli->query($query);
            $row = $result->fetch_array(MYSQLI_NUM);
            return password_verify($password, $row['0']);

        }
    }

    $object = new Login();

    if(isset($_POST['username'])&&isset($_POST['password'])) 
    {  
        if($object->validateCredentials($_POST['username'],$_POST['password']))
        {
            echo 'Logged in!';
        }
        else
        {
            echo 'Password or username incorrect!';
        }
    }
    else
    { 
        echo 'Username or password not entered!';
    }
    ?>

Upvotes: 1

u_mulder
u_mulder

Reputation: 54831

Let's check for password_verify:

boolean password_verify ( string $password , string $hash )

See - first argument is password and second is hash. In your code it's vice versa, you should use 

if(password_verify($password, $row['0'])){return true;}

Upvotes: 2

Related Questions