vasilis 123
Reputation: 675
php mongodb validate form password
This is my first time using mongodb with php and I have a register and a login form . When a user registers I succesfully hash his password using password_hash() php function and insert it in a mongodb collection . However when I login and insert a password I want to check if inserted password corresponds to a hashed password in the collection using password_verify()
I cannot find the correct syntax to iterate through the collection and check if a hashed password matches with the given password when I login .
My code :
<?php
require '../vendor/autoload.php';
$m = new MongoDB\Client("mongodb://127.0.0.1/");
$db = $m ->ECommerce;
$collection = $db->users;
if($_POST){
$uname = $_POST['uname'];
$pwd = $_POST['pwd'];
//which is the second argument here ? I want to add the database password as argument
$cursor = $collection->find(array('password'=> password_verify($pwd ,...) ));
foreach ($cursor as $doc){
echo $doc["firstName"];
}
}
?>
Upvotes: 1
Views: 239
Answers (1)
Wernfried Domscheit
Reputation: 59523
If you like to use the password_verify() function then I guess you have to run it like this:
$cursor = $collection->find(array('username' => $uname ));
foreach ($cursor as $doc){
if ( password_verify($pwd, $doc["password"]) ) {
echo $doc["firstName"];
}
}
Or with a single query:
$cursor = $collection->find(array('username' => $uname, 'password' => password_hash($pwd) ));
Upvotes: 1
Related Questions
- Mongoose password hashing
- How To Check If A Password Is A Hash - PHP
- Mongoose custom validation for password
- How to verify the password in MongoDB and php?
- Verify hashed password from database
- How to verify password against database?
- login form with php
- Form Validation on Hashed Passwords
- PHP input password match with Hashed DB password
- MongoDB PHP auth