narutofan Posted November 4, 2018 Share Posted November 4, 2018 Hi, i'm currently facing this problem where i need to verify passwords using password_verify function. After creating the password with password_hash function when i try to login its not logging in and when i try to ouput it the var_dump function for password_verify function is saying bool false. I coudn't figure out where i'm going wrong.it would be of great help if you guys could solve it. here is the code for login script: error_reporting(E_ALL); include_once 'dbconfig.inc.php'; if (isset($_POST['submit-login'])) { $uname= htmlentities($_POST['unamel']); $unamel= stripslashes($uname); $query="select * from user where uname=:uname and activated='1'"; $stmt=$conn->prepare($query); $stmt->bindValue(":uname",$unamel); $stmt->execute(); $user1=$stmt->fetchAll(); $hash='$2y$10$wCt5GTBB1oCFzhc0fh5GeeATPjP8mvxQsFH0taabQdXfqu0prOVCG'; $pass1="123456"; print_r($hash); $passl= password_verify($pass1, $hash); var_dump($passl); exit(); } password hash script: include '../includes/dbconfig.inc.php'; $sess_id=(int)$_SESSION['id']; $ph= htmlentities($_POST['phone']); $em= htmlentities($_POST['email']); $un= htmlentities($_POST['uname']); $fn= htmlentities($_POST['fname']); $ln= htmlentities($_POST['lname']); $pssd= $_POST['current_pass']; $n_pssd= password_hash($_POST['new_password'],PASSWORD_BCRYPT); $privacy=(int)$_POST['privacy']; $phone= stripslashes($ph); $email= stripslashes($em); $uname= stripslashes($un); $fname= stripslashes($fn); $lname= stripslashes($ln); $current_pass= $pssd; $new_pass= $n_pssd; print_r($new_pass); exit(); Link to comment Share on other sites More sharing options...
requinix Posted November 4, 2018 Share Posted November 4, 2018 That $hash you have is incorrect, and apparently contains a couple invisible characters. Try generating a new one. Link to comment Share on other sites More sharing options...
narutofan Posted November 4, 2018 Author Share Posted November 4, 2018 finally found the solution after googling a bit. Seems like password_hash function requires 60 characters in DB but i gave only 55 after changing it everything works fine now thankis for your patience @requinix Link to comment Share on other sites More sharing options...
benanamen Posted November 4, 2018 Share Posted November 4, 2018 Now you just need to work on your incorrect use of htmlentities and stripslashes, and depending in the name of a button to be submitted in order for the script to work. Hint: All of it needs to go. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.