I use my inserted passwords through password_hash. I check them with password_verify.
However, when I insert a hashed password into my database and I try to verify it, both outputs are always different from each other.
my pages are as follows:
main_login.php (form):
<?php include 'header.php';?> <body> <form role="form" method="post" action="login.php"> <div class="form-group"> <label for="usrname">Username:</label> <input type="text" class="form-control" name="usrname" placeholder="Enter username"> </div> <div class="form-group"> <label for="passwrd">Password:</label> </div> <input type="password" class="form-control" name="passwrd" placeholder="Enter password"> <br> <input type="checkbox">Remember Me <br> <br> <button type="submit" class="btn btn-default">Submit</button> </form> </body> </html>
login.php (handler):
<?php include 'vars.php'; include 'header.php'; $sql="SELECT * FROM members WHERE usrname='$usrname'"; $result=mysqli_query($con,$sql); $count=mysqli_num_rows($result); $row=mysqli_fetch_row($result); $verify=password_verify($hash,$row[2]); if($verify){ $_SESSION["usrname"]=$usrname; echo "Correct"; } else { echo "user: " . $usrname. "<br>"; echo "pass: " . $hash. "<br>"; echo "db: " . $row[2]."<br>"; echo "Wrong Username or Password"; } ?>
vars.php:
<?php $h='localhost';$u='caelin';$p='****';$d='ombouwnh'; $con=mysqli_connect($h,$u,$p,$d); $usrname=$_POST['usrname']; $passwrd=$_POST['passwrd']; $hash=password_hash($passwrd, PASSWORD_DEFAULT); ?>
when I try to login using the username 'caca' and password 'caca', I get a different output for both, each time I repeat. I can not find this problem in stackoverflow.
TIA
PS. If you need more information, ask them.
source share