narutofan Posted November 4, 2018 Share Posted November 4, 2018 (edited) Hi, i'm currently facing this problem where i need to verify passwords using password_verify function. After creating the password with password_hash function when i try to login its not logging in and when i try to ouput it the var_dump function for password_verify function is saying bool false. I coudn't figure out where i'm going wrong.it would be of great help if you guys could solve it. here is the code for login script: error_reporting(E_ALL); include_once 'dbconfig.inc.php'; if (isset($_POST['submit-login'])) { $uname= htmlentities($_POST['unamel']); $unamel= stripslashes($uname); $query="select * from user where uname=:uname and activated='1'"; $stmt=$conn->prepare($query); $stmt->bindValue(":uname",$unamel); $stmt->execute(); $user1=$stmt->fetchAll(); $hash='$2y$10$wCt5GTBB1oCFzhc0fh5GeeATPjP8mvxQsFH0taabQdXfqu0prOVCG'; $pass1="123456"; print_r($hash); $passl= password_verify($pass1, $hash); var_dump($passl); exit(); } password hash script: include '../includes/dbconfig.inc.php'; $sess_id=(int)$_SESSION['id']; $ph= htmlentities($_POST['phone']); $em= htmlentities($_POST['email']); $un= htmlentities($_POST['uname']); $fn= htmlentities($_POST['fname']); $ln= htmlentities($_POST['lname']); $pssd= $_POST['current_pass']; $n_pssd= password_hash($_POST['new_password'],PASSWORD_BCRYPT); $privacy=(int)$_POST['privacy']; $phone= stripslashes($ph); $email= stripslashes($em); $uname= stripslashes($un); $fname= stripslashes($fn); $lname= stripslashes($ln); $current_pass= $pssd; $new_pass= $n_pssd; print_r($new_pass); exit(); Edited November 4, 2018 by narutofan just some edits to code Quote Link to comment Share on other sites More sharing options...
requinix Posted November 4, 2018 Share Posted November 4, 2018 That $hash you have is incorrect, and apparently contains a couple invisible characters. Try generating a new one. Quote Link to comment Share on other sites More sharing options...
narutofan Posted November 4, 2018 Author Share Posted November 4, 2018 finally found the solution after googling a bit. Seems like password_hash function requires 60 characters in DB but i gave only 55 after changing it everything works fine now thankis for your patience @requinix Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 4, 2018 Share Posted November 4, 2018 Now you just need to work on your incorrect use of htmlentities and stripslashes, and depending in the name of a button to be submitted in order for the script to work. Hint: All of it needs to go. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.