Ahmed

Reputation: 35

hash variable not work in password_verify () php

I hashed my password using password_hash() and verify it using password_verify().

When I write the hash directly in a variable, the value is true:

$hash = '$2y$10$lKwHxxc1YJI01ftNe33pcOvddAVrLd0GHwb3Ya3eqQJ2HxycpHjpO';

But when I fetch the value from MySQL, the value is false when I put it in this function. I echo the value and it looks right, but I don't know why it becomes false when I put it in password_verify().

I looked at all previous questions about this problem but I didn't find any answer. This is my code:

if(isset($_POST['submit'])=="Log In") {
    $password = 'aliali12';
    $sql = mysqli_query($con, "SELECT * FROM users WHERE user_id = 1");
    $hashed_pass = mysqli_fetch_assoc($sql);
    if (password_verify("$password",$hashed_pass['user_pass'])){
        echo "Correct Password";
    }  else {
        echo 'There are some wrong';
    }
}

Edit:

Here is the code that was used to hash the password:

$password = mysqli_real_escape_string($con, $_POST['changePassword']); 
$hash = password_hash("$password", PASSWORD_BCRYPT)."\n";

Upvotes: 1

Views: 496

Answers (1)

Qirel

Reputation: 26450

There seems to be two issues here. From your comment we found that...

  1. You're using mysqli_real_escape_string() on the password before hashing it. You should never modify passwords before inserting them; keep them clean. This function could possibly change passwords, if they contain for example single quotes.
  2. You have \n concatenated to the hash before inserting it, while when comparing, it does not have that. This needs to be removed when hashing the password as this data is being inserted.

These need to be corrected (the real_escape() shouldn't be on passwords, and the newline removed), and the password inserted again after these corrections have been made.


In addition to this,

if(isset($_POST['submit'])=="Log In") {

isn't what you think it is. It will technically work, as it will compare a boolean to a string (so you get true == "Log In", which is true, if it's set, and false == "Log In" otherwise). It should simply be

if (isset($_POST['submit'])) {

See Cleansing User Passwords

Upvotes: 3
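The following is an added example, not code from the question or the answer. It reproduces both failure modes the answer names (escaping the password before hashing, and a trailing "\n" on the stored hash), then shows a corrected registration and login flow using mysqli prepared statements. The table and column names (users, user_id, user_pass) and the $con connection come from the question; addslashes() is used as a stand-in for mysqli_real_escape_string() so the first part runs without a database, and the connection setup at the bottom is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Shows why the question's hashing code breaks password_verify().
 * Returns the individual checks so the behaviour can be inspected.
 */
function demonstrateFailure(): array
{
    // Constructed sample password containing a single quote, the case
    // where escaping actually alters the text.
    $password = "ali'ali12";

    // Broken path from the question: the password is escaped before hashing
    // (addslashes stands in for mysqli_real_escape_string; both turn ' into \')
    // and a newline is appended to the hash before it is stored.
    $escaped = addslashes($password);
    $badHash = password_hash($escaped, PASSWORD_BCRYPT) . "\n";

    // Correct path: hash the raw password and store it untouched.
    $goodHash = password_hash($password, PASSWORD_BCRYPT);

    return [
        // Stored hash is 61 bytes; bcrypt hashes are 60, so the compare fails.
        'newline_breaks_verify'  => password_verify($password, $badHash),
        // Even with the newline stripped, the hash was made from the escaped
        // text, so the real password no longer matches.
        'escaping_breaks_verify' => password_verify($password, rtrim($badHash)),
        // Only the mangled form matches the mangled hash.
        'escaped_text_matches'   => password_verify($escaped, rtrim($badHash)),
        // Raw password against raw hash.
        'clean_hash_verifies'    => password_verify($password, $goodHash),
        'bad_hash_length'        => strlen($badHash),
        'good_hash_length'       => strlen($goodHash),
    ];
}

/** Registration: no escaping, no newline; the prepared statement handles quoting. */
function storePassword(mysqli $con, int $userId, string $rawPassword): void
{
    $hash = password_hash($rawPassword, PASSWORD_BCRYPT);
    $stmt = $con->prepare('UPDATE users SET user_pass = ? WHERE user_id = ?');
    $stmt->bind_param('si', $hash, $userId);
    $stmt->execute();
    $stmt->close();
}

/** Login: fetch the stored hash and let password_verify() do the comparison. */
function checkLogin(mysqli $con, int $userId, string $rawPassword): bool
{
    $stmt = $con->prepare('SELECT user_pass FROM users WHERE user_id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found === true && password_verify($rawPassword, $storedHash);
}

// Stand-alone run: print the checks from the first part.
print_r(demonstrateFailure());

// Form handling: test that the fields exist, then read the actual values.
if (isset($_POST['submit'], $_POST['password'])) {
    // Connection details are assumed; adjust to your environment.
    // $con = new mysqli('localhost', 'user', 'pass', 'dbname');
    // echo checkLogin($con, 1, $_POST['password']) ? 'Correct Password' : 'Wrong password';
}
```

Running the script from the command line exercises only demonstrateFailure(); the two database functions need a live mysqli connection. A quick sanity check on existing rows is the stored hash length: a bcrypt hash is exactly 60 characters, so any longer value indicates stray bytes (such as the newline from the question) that must be removed by re-hashing and re-inserting the password.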
