PHP Password_verify() Function Fails To Work. Help! - Programming

Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,159,314 members, 7,839,509 topics. Date: Friday, 24 May 2024 at 09:17 PM

PHP Password_verify() Function Fails To Work. Help! - Programming - Nairaland

Nairaland Forum / Science/Technology / Programming / PHP Password_verify() Function Fails To Work. Help! (851 Views)

Nairaland Login Function Is Faulty! / Javascript:how Do I Use drawBox Function.. / Brain Teaser: Recursive Anonymous Function Expression Analysis (2) (3) (4)

(1) (Reply) (Go Down)

PHP Password_verify() Function Fails To Work. Help! by concord129(m): 3:43pm On Mar 29, 2020

I have been writing this program for sometimes now but whenever it gets to this particular level where I needed to verify a hashed password in the database against a user input password, it keeps returning wrong password. Below is my signup and login page code.

The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();

if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php" wink

;
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php" wink

;
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}

if(isset($_SESSION['login_user'])){
header("location: userprofile.php" wink

;
}elseif(isset($_SESSION['login_admin'])){
header("location: adminprofile.php" wink

;
}

The sign up page:

$password_hash = password_hash($password, PASSWORD_DEFAULT);
//To check if it is real image or not
if(preg_match("!image!", $_FILES['profile_image']['type'])){
//To check if the image copied or not
if(copy($_FILES['profile_image']['tmp_name'], $profile_image)){
$upload_sql = "INSERT INTO userprofile(first_name, surname, last_name, username, password, email, phone_number, country, state, city, user_image)" . "VALUES('$firstname', '$surname', '$lastname', '$username', '$password_hash', '$email', '$phone_number', '$country', '$state', '$city', '$profile_image')";

Re: PHP Password_verify() Function Fails To Work. Help! by Thenaijaitguy: 4:22pm On Mar 29, 2020

Remove the mysql_escape_string ();
Or should work like that

Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:39pm On Mar 29, 2020

concord129:

The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();

if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php";
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php";
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}

The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

$password2_hash = password_hash($password2, PASSWORD_DEFAULT)

if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2_hash);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();

if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php" wink

;
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php" wink

;
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}

Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:41pm On Mar 29, 2020

The user input password is not hashed before comparing it with the hashed one in the database.. Hope this helps.

Re: PHP Password_verify() Function Fails To Work. Help! by Superstar007(m): 12:56am On Mar 30, 2020

concord129:
I have been writing this program for sometimes now but whenever it gets to this particular level where I needed to verify a hashed password in the database against a user input password, it keeps returning wrong password. Below is my signup and login page code.

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();

Remove the password bit from your sql query as it will not return the details for the user because the password hasn't been hashed yet. You are basically trying to select a row where the email AND the unhashed password the user entered exists.

(1) (Reply)

Get An Affordable Power Supply For Your Dev Work / Where To Find Your Next Unique IT Opportunity / Let's Be Specific

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 16
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.