Here is the code for my password handler

    protected function passwordMatch($username, $password)
    {
        $sql = 'SELECT `username`, `password` FROM `profile` WHERE `username` = ?';
        $stmt = $this->connect()->prepare($sql);
        $stmt->execute([$username]);
        $result = $stmt->fetch();
        if (password_verify($result['password'], $password)) {
            return true;
        }
        return false;
    }

    if ($this->passwordMatch($this->username, $this->password) !== true) {
        $_SESSION['error'] = 'Password not matching';
        header('Location: ../login.php');
        exit();
    }

Expecting: The user would be logged on if the username & password match

Try: I tried changing from !== to === to see if that would fix the issue, but it would log the user in even if the passwords do not match. Otherwise, I could not tell what is wrong with my code.

If you want to see the full code, it is here: https://github.com/sammo-2000/login

2 Answers

Maybe it's because you are hashing the password in the password_hash before comparing?

I have checked your GitHub source code.
First of all, you have to extend your password length field in the db.
Then please use the password_verify() function.
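
The following is an added example, not code from the question, the answers or the linked repository. It shows the two things that decide whether password_verify() can succeed: the stored hash must be complete, and the plaintext must be the first argument with the stored hash second. The in-memory SQLite database, the sample users and the sample password are constructed for the demo; the `profile` table and its column names follow the question. Only the first call returns true.

```php
<?php
declare(strict_types=1);

// Constructed demo: an in-memory SQLite database stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store the whole hash. A bcrypt hash is 60 characters long and
// PASSWORD_DEFAULT may change in future, so the PHP manual suggests a
// 255-character column.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$insert = $pdo->prepare('INSERT INTO profile (username, password) VALUES (?, ?)');
$insert->execute(['alice', $hash]);

// A column that is too short keeps only a prefix of the hash (simulated here
// with substr). A row stored like this can never verify.
$insert->execute(['bob', substr($hash, 0, 30)]);

function passwordMatch(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM profile WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user: fetch() returns false, not an array
    }
    // Argument order matters: submitted plaintext first, stored hash second.
    return password_verify($password, $row['password']);
}

var_dump(passwordMatch($pdo, 'alice', 'correct horse'));  // full hash, right password
var_dump(passwordMatch($pdo, 'alice', 'wrong password')); // full hash, wrong password
var_dump(passwordMatch($pdo, 'bob', 'correct horse'));    // truncated hash
var_dump(passwordMatch($pdo, 'nobody', 'correct horse')); // no such user
var_dump(password_verify($hash, 'correct horse'));        // arguments swapped
```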