user10415043

Cannot verify password with password_verify

I'm trying to achieve a redirect to the home page of the user, storing the email in the session, in CodeIgniter. I have used password_hash($this->input->post('password'), PASSWORD_DEFAULT)) to hash the passwords and it works fine, but when I try to password_verify() it, it fails.

Here is my Model

public function canLogin($email, $password) {
    $this->db->where('email',$email);
    $query  =   $this->db->get($this->tableName);
    $row    =   $query->row();
    if ($row) {
        return password_verify($password, $row->password);
    }
    else {
        return false;
    }
}

and here is my Controller

public function loginValidation() {
    // User Model Loaded in constructor
    if ($this->user->canLogin($_POST['email'], $_POST['password'])) {
        $session_data   =   array('email' => $_POST['email'] );
        $this->session->set_userdata($session_data);
        redirect('profile/personal','Refresh');

    } else {
        echo 'fail';
        $this->session->set_flashdata('error', 'Invalid Username or Password');
        // redirect('login','Refresh');
    }
}

I don't know where the logic went wrong, and every time it redirects to the same login page. I am trying to authenticate, store the email in the session and redirect to profile/personal. Can anyone point out where I missed the logic?

Upvotes: 2

Views: 631

Answers (2)

Funk Forty Niner

Reputation: 74220

@YashKaranke what is the password column's length? – Funk Forty Niner
@FunkFortyNiner It is 50 with datatype varchar – Yash Karanke

The password column's length is too short; it should be 60 or 255, as the manual on PHP.net for password_hash() suggests.

You now have to start over with new hashes.

The verification failed silently.

Upvotes: 2
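Added example, not part of either answer: a stand-alone PHP script that reproduces the failure described above. It assumes the 50-character column silently truncated the hash on insert (simulated here with substr()); the helper verifyStored() and the sample password are hypothetical. The helper reports a malformed stored hash separately from a wrong password, so a column that is too narrow shows up in logs instead of looking like a failed login.

```php
<?php
// Added example (not code from the post). substr() stands in for a
// VARCHAR(50) column that silently truncates on INSERT; that truncation
// is an assumption about the asker's database settings.

const COLUMN_WIDTH = 50; // column width reported in the comments above

/**
 * Hypothetical helper: verify a password, but report a malformed stored
 * hash separately instead of returning the same false as a wrong password.
 */
function verifyStored(string $password, string $storedHash): string
{
    // password_get_info() reports algoName 'unknown' when the string is not
    // a complete hash in a format that password_hash() produces.
    if (password_get_info($storedHash)['algoName'] === 'unknown') {
        return 'corrupt-hash';
    }
    return password_verify($password, $storedHash) ? 'ok' : 'wrong-password';
}

$password = 'correct horse battery staple';      // constructed sample
$hash     = password_hash($password, PASSWORD_DEFAULT);
$stored   = substr($hash, 0, COLUMN_WIDTH);      // what a 50-char column keeps

printf("full hash length:   %d\n", strlen($hash));
printf("stored hash length: %d\n", strlen($stored));

// password_verify() raises no error or warning for the truncated value;
// it simply rejects the correct password.
var_dump(password_verify($password, $hash));
var_dump(password_verify($password, $stored));

// The helper separates the three cases: intact hash with the right
// password, truncated hash, and intact hash with a wrong password.
echo verifyStored($password, $hash), "\n";
echo verifyStored($password, $stored), "\n";
echo verifyStored('guess', $hash), "\n";
```

Hashes already stored in the narrow column cannot be repaired by widening it; as the answer says, they have to be generated again after the column is enlarged.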

Jake Doran

Reputation: 86

If you're using:

password_hash($this->input->post('password', PASSWORD_DEFAULT));

Are you sure this is hashing correctly? Shouldn't it be:

password_hash($this->input->post('password'), PASSWORD_DEFAULT);

Upvotes: 1
