user2196985

Reputation: 29

password_verify() is always returning false

I'm using password_verify with two arguments, the hash value that's stored in the Database, and the actual password that the user enters. Here's the code:

    $pass = filter_input(INPUT_GET, 'password', FILTER_DEFAULT);
    // connecting to the database and executing query, the password is stored in $dpass

    if (password_verify($pass, $dpass))
        echo "Hello User " . $dname;
    else
        echo "Login incomplete";

Now just for clarification:

What could be the issue?

Upvotes: -2

Views: 1708

Answers (1)

user2196985

Reputation: 29

Thank you everyone for your answers. After I ran echo $pass at every line, I noticed that at some point in the code it changes from its original value to a different one. I checked again, and apparently the variable $pass is used in the dbconnect.php file that is included throughout the code, which has my database configuration and setup; it uses the variable $pass to store the database password. That's what altered the value of the password. I changed $pass to $usrPass and everything worked fine.

So for anyone in the future facing this issue and seeing this, here are the most common mistakes that lead to password_verify() not working:

  • using double quotes in storing the hash value ($hash = "$2$ds$fdajja...";): using double quotes makes PHP read $2, $ds and $fdajja... as individual variables, which will probably cause your code to break. USE SINGLE QUOTES INSTEAD.
  • echo both hash and entered values and make sure they match the ones that were inserted and generated during password_hash()
  • if the database value was different (the hash), make sure the type of its column is varchar(256), the hash is usually 60 characters long but the hashing function is frequently improved so that length may expand in the future.
  • if the entered value was different (the user password), make sure the filtering isn't corrupting the password value, also check if another variable has the same name as the one you're storing the password in
  • If password_verify($pass, password_hash($pass, PASSWORD_DEFAULT)) "works", then the problem is that $dpass does not contain what is expected - including not being generated correctly (so what does it contain, and why is it not as expected?). If it "doesn't work" then another line is causing the observed behavior. Both of these outcomes allow focusing on a refined problem set. Thanks to user2864740 for pointing that out.

EDIT: Guys, the password filter function did nothing at all because there was nothing to be filtered anyway. For those of you who aren't familiar with it, the function basically works on input parameters; it works with both GET and POST inputs. Since I'm still doing the backend part, I'm using GET for testing purposes.

Upvotes: 0
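
The checklist in the answer above can be run without echoing the password or the hash. The following is an added example, not part of the original post: diagnose_verify() is a hypothetical helper name, and all sample values are constructed.

```php
<?php
// Added example, not the poster's code. diagnose_verify() is a hypothetical
// helper; every sample value below is constructed.

function diagnose_verify(string $submitted, string $atVerify, string $stored): array
{
    $findings = [];

    // Name collision: an included file reassigned the variable after it was read.
    if (!hash_equals($submitted, $atVerify)) {
        $findings[] = 'password variable changed between input and verify';
    }

    // Round-trip sanity check from the answer: rules out password_verify() itself.
    if (!password_verify($atVerify, password_hash($atVerify, PASSWORD_DEFAULT))) {
        $findings[] = 'round-trip failed: look at the other lines of the script';
    }

    // A hash cut short by a narrow column, or mangled by a double-quoted
    // literal, no longer parses as any known algorithm.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        $findings[] = 'stored hash is malformed (length ' . strlen($stored) . ')';
    }

    // Only when nothing above fired is a failed verify a genuine mismatch.
    if (!$findings && !password_verify($atVerify, $stored)) {
        $findings[] = 'inputs look intact: the password is simply wrong';
    }
    return $findings;
}

$submitted = 'correct horse';                           // constructed user input
$good      = password_hash($submitted, PASSWORD_DEFAULT);

// Case 1: everything intact -> no findings.
print_r(diagnose_verify($submitted, $submitted, $good));

// Case 2: $pass was overwritten by a config file's database password.
print_r(diagnose_verify($submitted, 'db-secret', $good));

// Case 3: hash stored in a column that is too short (simulated with substr).
print_r(diagnose_verify($submitted, $submitted, substr($good, 0, 40)));
```

Capture the first argument immediately after reading the request and pass the variable as it stands just before password_verify() as the second; the findings report lengths and states only, so nothing sensitive reaches the output or logs.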
