user4928200

issues with password_verify in PHP

Doing a school assignment so this is probably a trivial question.

Users can create accounts on my "website". I store their passwords using password_hash(). So, at the login page I use

 $hash = password_hash($password, PASSWORD_DEFAULT);

where $password is the password the user inputs in the form.

At this point everything works great, a hashed password is saved (I have a limit of 255 characters so there are no problems regarding the size). However, when I, in my login form, want to use password_verify() I have problems. A small code snippet:

$email = $_POST["email"];
$password = $_POST["password"];

$sql = "SELECT password FROM user WHERE email = $email";
$result = mysqli_query($conn, $sql);

if (password_verify($password, $result))
{
    echo 'Successful!';
}
else
{
    echo 'Unsuccessful!';
}

$result is in this case the hashed password from my database.

When I var_dump($result) I get bool(false). Am I just misunderstanding the functions or am I just messing up my query?

Upvotes: 1

Views: 170

Answers (1)

user4640949

Try something like this:

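// Escape the value before placing it inside the quoted SQL string.
$email = mysqli_real_escape_string($conn, $email);
$sql = "SELECT password FROM user WHERE email = '$email'";
$query = mysqli_query($conn, $sql);
// Fetch the row; mysqli_fetch_assoc() returns null when no user matches.
$result = mysqli_fetch_assoc($query);
$hash = $result['password'] ?? '';

if (password_verify($password, $hash))
{
    echo 'Successful!';
}
else
{
    echo 'Unsuccessful!';
}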

  • You didn't fetch the results.
  • If you put a variable that is a string in a query, you must use '' quotes.

Upvotes: 2
