Get password verify to work

Question

1.00/5 (1 vote)

See more:

Good day I do not seem to be winning with password verify if anyone could help me, please. thank you.
my registration script looks like this

setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //echo "Connected to DB successfully";
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
global $bcrypt; // making the $bcrypt variable global so we can use here

       // $timed       = time();
$ip         = $_SERVER['REMOTE_ADDR']; // getting the users IP address
if(isset($_POST['register']))
{
    $password = $_POST['password'];
    $name= $_POST['name'];
    $surname     = $_POST['surname'];
    $ID = $_POST['ID'];
    $phone      = $_POST['phone'];
    $email    = $_POST['email'];
    $name1 = $_POST['name1'];
    $surname1    = $_POST['surname1'];
    $phone1       = $_POST['phone1'];
    $email1      = $_POST['email1'];
    $relationship = $_POST['relationship'];
   // password_hash($password, PASSWORD_DEFAULT);

        
    $password =password_hash($_POST['password'], PASSWORD_DEFAULT);
    

  
    
                            try{
            $query = "INSERT INTO visitors(password,name,surname,ID,phone,email,name1,surname1,phone1,email1, relationship) 
                      VALUES(:fn, :ln, :em, :con, :ph, :ag, :pr, :na, :ge, :ci, :th)";
            $stmt = $conn->prepare($query);
            $stmt->bindparam(":fn",$password);
            $stmt->bindparam(":ln",$name);
            $stmt->bindparam(":em",$surname);
            $stmt->bindparam(":con",$ID);
            $stmt->bindparam(":ph",$phone);
            $stmt->bindparam(":ag",$email);
            $stmt->bindparam(":pr",$name1);
            $stmt->bindparam(":na",$surname1);
            $stmt->bindparam(":ge",$phone1);
            $stmt->bindparam(":ci",$email1);
            $stmt->bindparam(":th",$relationship);
            
            $stmt->execute();
        
            header('location:learnerlogin.php');
               
            }
            catch(PDOException $e){
                echo $e->getMessage();
            //}
        /*?> window.location.href = "index.php"; 
my login script looks like this 
prepare("SELECT username, password FROM visitors WHERE 
username=? AND password=? ");
$query->execute(array($user,$pass));
$row = $query->fetch(PDO::FETCH_BOTH);
$password = $password;
if(password_verify($_POST["password"], $password)) {
  $_SESSION['username'] = $user;
  header('location:studentportal.php');
} else {
  $message = "Invalid login credentials";
}
}
}
?>

What I have tried:

i tried youtube tutorials, exemplary scripts

Posted 29-Jan-20 23:27pm

gavin_daCEO

Updated 30-Jan-20 1:03am

Add a Solution

Comments

Richard MacCutchan 30-Jan-20 6:42am

Do you have a question?

gavin_daCEO 30-Jan-20 7:25am

yes when I try to get verify a password that is stored in the database it does not work. I do not know what am I doing wrong. it does hash but verify gives me a problem

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

MadMyche · Accepted Answer · 2020-01-30T01:04:00

Solution 1

Your problem is with retrieving the password

SELECT statement should only be qualified by the UserName, and you only need to retrieve the hashed password

Here is the basic order of operations for this (I don't want to mess up your PHP which is not my native tongue)

1. "SELECT password FROM visitors WHERE username=?"
2. Bind "username" to SELECT query
3. Execute query
4. Check if there is a result ( no result = user not found )
5. Retrieve "saved hash" from result set
6. Pass "attempted password" and "saved hash" to Password_Verify method

Posted 30-Jan-20 1:04am

MadMyche

Updated 30-Jan-20 1:09am

v2

Comments

gavin_daCEO 30-Jan-20 7:47am

are you saying i must not select the password or i must just select the way you did. thanks in advance. i am new to php

MadMyche 30-Jan-20 7:50am

Use the query from line 1- all you need to retrieve is the password, and the condition for it is the username

gavin_daCEO 30-Jan-20 8:02am

thank you, i do not mean to be nag but could you please show me how do i do this Bind "username" to SELECT query

gavin_daCEO 30-Jan-20 8:21am

it works thank you very much may god bless you and your dream thanks a lot

MadMyche 30-Jan-20 8:30am

You're welcome. I don't do much PHP, and this way you learned a little more. Please consider marking the question solved and rating the answer