Click here to Skip to main content
15,350,416 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hello thanks for taking your time to read this. I am having a problem with my password hashing and password verifying code in my project. So I can get the password to hash correctly, but when I try to login into my website with the password hashed it doesnt let me login. Any ideas as to why I am getting that error?

index.php code below:
HTML
<form action="login.form.php" method="POST">
              <label class="usernamestyle">User Name :</label
              ><input
                class="loginbox"
                style="margin-bottom: 100px"
                type="text"
                name="user"
                placeholder="Enter User Name"
              /><br />
              <label class="passwordusername">Password: </label
              ><input
                class="passwordbox"
                type="password"
                name="pwd"
                placeholder="Enter Password"
              />
              <button class="loginbuttons" type="submit">Login</button>
            </form>




login.form.php code below:
PHP
<?php

require("db.form.php");

$usersUSERSNAME = $_POST['user'];  
$usersPWD = $_POST['pwd'];  
  
    //to prevent from mysqli injection  
    $username = stripcslashes($usersUSERSNAME);  
    $password = stripcslashes($usersPWD);  
    $username = mysqli_real_escape_string($conn, $usersUSERSNAME);  
    $password = mysqli_real_escape_string($conn, $usersPWD);  
  
    $sql = "select * from users where usersUSERSNAME = '$usersUSERSNAME' and usersPWD = '$usersPWD'";  
    $result = mysqli_query($conn, $sql);  
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);  
    $count = mysqli_num_rows($result);  
      
    if(password_verify($password, $hashedpwd)){  
        header("location: homepage.php");
    }  
    else{  
        echo "<h1> Login failed. Invalid username or password.</h1>";  
    }   


What I have tried:

I haven't tried much, I tried changing variable but it still doesn't work
Posted
Updated 9-Dec-21 11:19am

I got it since I had the hashedpwd in a different file I had to compare them differently. Updated code for solution is here:
PHP
<?php

require("db.form.php");

$usersUSERSNAME = $_POST['user'];  
$usersPWD = $_POST['pwd'];  
  
$sql = "select usersPWD from users where usersUSERSNAME = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $usersUSERSNAME);
$stmt->execute();
$result = $stmt->get_result();
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);  
if ($row && password_verify($usersPWD, $row['usersPWD'])){
    header("location: homepage.php");
} 
else {
      echo "<h1> Login failed. Invalid username or password.</h1>";  
} 
   
If you are storing a hashed password - and you should at the very least - then you need to hash the user input password in exactly the same way (i.e. use exactly the same code) and then compare the two hashed values.
This may help you get the idea, though it's not in PHP: Password Storage: How to do it.[^]
PHP has it's own hashing mechanism which would be a good place to start: PHP: password_hash - Manual[^] but you should definitely consider salting the input as well.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900