₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,329,019 members, 8,438,463 topics. Date: Friday, 03 July 2026 at 01:25 PM

Toggle theme

PHP Password_verify() Function Fails To Work. Help! - Programming - Nairaland

Nairaland ForumScience/TechnologyProgrammingPHP Password_verify() Function Fails To Work. Help! (998 Views)

1 Reply (Go Down)

PHP Password_verify() Function Fails To Work. Help! by concord129(op): 3:43pm On Mar 29, 2020
I have been writing this program for sometimes now but whenever it gets to this particular level where I needed to verify a hashed password in the database against a user input password, it keeps returning wrong password. Below is my signup and login page code.




The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();



if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php"wink;
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php"wink;
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}


if(isset($_SESSION['login_user'])){
header("location: userprofile.php"wink;
}elseif(isset($_SESSION['login_admin'])){
header("location: adminprofile.php"wink;
}




The sign up page:



$password_hash = password_hash($password, PASSWORD_DEFAULT);
//To check if it is real image or not
if(preg_match("!image!", $_FILES['profile_image']['type'])){
//To check if the image copied or not
if(copy($_FILES['profile_image']['tmp_name'], $profile_image)){
$upload_sql = "INSERT INTO userprofile(first_name, surname, last_name, username, password, email, phone_number, country, state, city, user_image)" . "VALUES('$firstname', '$surname', '$lastname', '$username', '$password_hash', '$email', '$phone_number', '$country', '$state', '$city', '$profile_image')";
Re: PHP Password_verify() Function Fails To Work. Help! by Thenaijaitguy: 4:22pm On Mar 29, 2020
Remove the mysql_escape_string ();
Or should work like that
Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:39pm On Mar 29, 2020
concord129:
The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();



if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php"wink;
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php"wink;
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}
The login page:

if(isset($_POST['submit'])){

$email_verify = $mysql->real_escape_string($_POST['login_email']);
$password2 = $mysql->real_escape_string($_POST['login_password']);

$password2_hash = password_hash($password2, PASSWORD_DEFAULT)


if(empty($email_verify) || empty($password2)){
die('Error: Username or password is empty!');
}else{

$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2_hash);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();



if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){
$_SESSION['login_user'] = $email;
header("location: userprofile.php"wink;
}elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){
$_SESSION['login_admin'] = $email;
header("location: adminprofile.php"wink;
}else{
$_SESSION['error_message'] = "Username or password is incorrect!";

}
mysqli_close($mysql);
}
}
Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:41pm On Mar 29, 2020
The user input password is not hashed before comparing it with the hashed one in the database.. Hope this helps.
Re: PHP Password_verify() Function Fails To Work. Help! by Superstar007(m): 12:56am On Mar 30, 2020
concord129:
I have been writing this program for sometimes now but whenever it gets to this particular level where I needed to verify a hashed password in the database against a user input password, it keeps returning wrong password. Below is my signup and login page code.


$query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?";

$stmt = $mysql->prepare($query);
$stmt->bind_param('ss', $email_verify, $password2);
$stmt->execute();
$stmt->bind_result($id, $username, $email, $password_hash, $user_level);
$stmt->store_result();
$stmt->fetch();
Remove the password bit from your sql query as it will not return the details for the user because the password hasn't been hashed yet. You are basically trying to select a row where the email AND the unhashed password the user entered exists.
1 Reply

Nairaland Login Function Is Faulty!Are You A Programmer Or App Developer Who Wish To Work Remotely For A US CompanyBrain Teaser: Recursive Anonymous Function Expression Analysis234

My Experience Clicking Google Admob Ads In My AppI Need Help With My Whatsapp Messenger.Need C# Code For This!