Reputation: 11
I am trying to compare a hashed password with a password the user entered, but it does not verify and says password incorrect. I used this code to hash the password:
$hashed_password = password_hash($me, PASSWORD_DEFAULT);
The code below is the login check page:
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbll_name="employees_table"; // Table name
$tb2_name="system_users";
$tb3_name="managers_table";
// Connect to server and select database.
$link = mysqli_connect("$host", "$username", "$password")or die("cannot connect");
mysqli_select_db($link,"$db_name")or die("cannot select DB");
$myusername=$_POST["myusername"];
$mypassword=$_POST["mypassword"];
// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($link, $myusername);
$mypassword = mysqli_real_escape_string($link, $mypassword);
$statues = "active";
// from system table
// Note: the ';' after the condition ends the if statement, so the block below always runs.
if ($sql="SELECT * FROM $tb2_name WHERE User_id='".$myusername."' and statues='".$statues."'");
{
$wql="SELECT * FROM $tb2_name WHERE User_id='".$myusername."' ";
$result2 = mysqli_query($link, $wql);
$details = mysqli_fetch_array($result2, MYSQLI_BOTH);
$Name = $details["Company"];
$Surname = $details["First_name"];
$encrypted_password = $details["Password"];
The above code gets the hashed function from the database and the code below compares them, but it shows the password is incorrect even though I am typing the correct password.
if (password_verify($mypassword, $encrypted_password))
{
Upvotes: 0
Views: 827
Reputation: 74216
"I think the hashed password is greater than 30 characters so it just cut after 30. – Jerome"
Your query failed on you "silently" because the password column is (was) too short and you need to clear out your present password(s)/hash(es) and start over again.
As per the manual on the password_hash() function:
http://php.net/manual/en/function.password-hash.php
PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
Upvotes: 3
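The truncation described in the answer above, reproduced as an added example (not code from the post or from the PHP manual). The helpers store_in_column() and looks_like_complete_hash() are hypothetical, the password is a constructed sample, and the short column is simulated with substr() so the script runs without a database.

```php
<?php
// Added example with constructed values; not part of the original post.

/** Mimic a non-strict MySQL VARCHAR($width) column cutting an over-long value on insert. */
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

/** True when the stored value is still recognised by PHP as a complete password hash. */
function looks_like_complete_hash(string $stored): bool
{
    $info = password_get_info($stored);
    // For a truncated or unknown value, 'algo' is null (PHP >= 7.4) or 0 (older versions).
    return !empty($info['algo']);
}

$password = 'correct horse battery staple';      // constructed sample password
$hash     = password_hash($password, PASSWORD_DEFAULT);

// Compare a too-short column with the widths mentioned in the manual excerpt.
foreach ([30, 60, 255] as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "VARCHAR(%3d): stored %2d of %d chars, complete=%s, verify=%s\n",
        $width,
        strlen($stored),
        strlen($hash),
        var_export(looks_like_complete_hash($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}
```

Running looks_like_complete_hash() over the existing rows is one way to find hashes that were cut and have to be regenerated after the column is widened. A MySQL server in strict SQL mode rejects the over-long insert with an error instead of truncating it.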
Reputation: 214
Change your if statement to
if (password_verify($mypassword, $encrypted_password))
{
You had the variables the wrong way and $encrypt was not declared
Upvotes: 2