password_verify()

[noobdood]

i tired the password_verify() but im not doing it right i think. got a warning:

 

 

 

 password_verify() expects exactly 2 parameters, 1 given

 

trying to login code:

ob_start();
session_start();

if(isset($_POST['login']))
{
    $email = $_POST['email'];
    $password = $_POST['pass'];
    
     require "connection.php";
    
    $emails = mysqli_real_escape_string($con, $email);
    $query = "SELECT id, name, email, password, salt FROM users WHERE email = '$emails';";
    
    $result = mysqli_query($con, $query);
    
    if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
    {
        echo "<script>alert(\"User does not exist!\")</script>";
    }
    
    $userData = mysqli_fetch_array($result, MYSQLI_ASSOC);
    $hash = $userData['password'];
    
    if(password_verify($password) != $hash)
    {
        echo "<script>alert(\"Incorrect Password!\")</script>";
    }else{
        session_regenerate_id();
        $_SESSION['sess_user_id'] = $userData['id'];
        $_SESSION['sess_name'] = $userData['name'];
        session_write_close();
        header('Location: home.php');
    }
}

[Jacques1]

Please read the manual. Or just use common sense: You verify a password against a given hash, so it's only natural that there are two parameters. The first parameter is for the password, the second is for the hash. If the password matches the hash, the function returns true, otherwise it returns false.

[noobdood]

right sorry. careless me.

if(!password_verify($password, $hash))

got it.

[Jacques1]

Cool. By the way, you can leave out the session_write_close(). PHP automatically commits the session at the end of the script.

[noobdood]

Cool. By the way, you can leave out the session_write_close(). PHP automatically commits the session at the end of the script.

 

ah okay. thanks.