noobdood Posted May 20, 2014 Share Posted May 20, 2014 i tired the password_verify() but im not doing it right i think. got a warning: password_verify() expects exactly 2 parameters, 1 given trying to login code: ob_start(); session_start(); if(isset($_POST['login'])) { $email = $_POST['email']; $password = $_POST['pass']; require "connection.php"; $emails = mysqli_real_escape_string($con, $email); $query = "SELECT id, name, email, password, salt FROM users WHERE email = '$emails';"; $result = mysqli_query($con, $query); if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. { echo "<script>alert(\"User does not exist!\")</script>"; } $userData = mysqli_fetch_array($result, MYSQLI_ASSOC); $hash = $userData['password']; if(password_verify($password) != $hash) { echo "<script>alert(\"Incorrect Password!\")</script>"; }else{ session_regenerate_id(); $_SESSION['sess_user_id'] = $userData['id']; $_SESSION['sess_name'] = $userData['name']; session_write_close(); header('Location: home.php'); } } Quote Link to comment https://forums.phpfreaks.com/topic/288616-password_verify/ Share on other sites More sharing options...
Solution Jacques1 Posted May 20, 2014 Solution Share Posted May 20, 2014 Please read the manual. Or just use common sense: You verify a password against a given hash, so it's only natural that there are two parameters. The first parameter is for the password, the second is for the hash. If the password matches the hash, the function returns true, otherwise it returns false. Quote Link to comment https://forums.phpfreaks.com/topic/288616-password_verify/#findComment-1480133 Share on other sites More sharing options...
noobdood Posted May 20, 2014 Author Share Posted May 20, 2014 right sorry. careless me. if(!password_verify($password, $hash)) got it. Quote Link to comment https://forums.phpfreaks.com/topic/288616-password_verify/#findComment-1480139 Share on other sites More sharing options...
Jacques1 Posted May 20, 2014 Share Posted May 20, 2014 Cool. By the way, you can leave out the session_write_close(). PHP automatically commits the session at the end of the script. Quote Link to comment https://forums.phpfreaks.com/topic/288616-password_verify/#findComment-1480140 Share on other sites More sharing options...
noobdood Posted May 20, 2014 Author Share Posted May 20, 2014 Cool. By the way, you can leave out the session_write_close(). PHP automatically commits the session at the end of the script. ah okay. thanks. Quote Link to comment https://forums.phpfreaks.com/topic/288616-password_verify/#findComment-1480143 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.