cjburkey01

I have just discovered my error. It was extreme stupidity: $sql -> bindParam(":password", password_hash($email, PASSWORD_DEFAULT)); should be $sql -> bindParam(":password", password_hash($password, PASSWORD_DEFAULT)); in the register form. *sigh* Yup

I'll try that, thanks

So, basically, I have a simple database where users are stored. password_hash is used to insert the passwords, but for some reason, this code: $sql = $conn -> prepare("SELECT `password` FROM `users` WHERE `email`=:email LIMIT 1"); $sql -> bindParam(":email", $email); $sql -> execute(); $out = $sql -> fetch(); print_r(password_verify($password, trim($out['password'])) . " - " . $password . " - " . $out[0]); die(); displays this: - spice - $2y$10$YOVX2MCk8KSpUuii5fEQ5.OUmRh09lEfF.wZ65jh4.PUB5wSgdHim Even if I was using the wrong password, shouldn't it at least return false? Is this some part of a new feature in PHP 7?