I store my passwords in my database hashed with password_hash(), and I am trying to verify the passwords on login with password_verify(). For some reason password_verify() keeps returning false.
I read the documentation on this function and it said to make sure that the hash used in the function is between single quotes ' ', otherwise it will read the hash like it is three variables because of the $'s, so I tried writing $valid like this '$valid'. But that didn't work.
When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT
When I echo $check the output is 123, which is the password used to create the account.
This is the part of my login.php, and this is where I feel the problem is.
$emailLogin = mysqli_real_escape_string($con, $_POST['emailLogin']);
$passLogin = mysqli_real_escape_string($con, $_POST['passLogin']);
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$pass = $row['pass'];
$key = VUP($passLogin, $pass);
This is part of my verify.php
function VUP($check, $valid){
    if (password_verify($check, $valid)) {
        $key = 1;
    } else {
        echo 'Invalid password.';
        $key = 0;
        die();
    }
    return $key;
}
Also part of verify.php
function SHP($password){
    $hash = password_hash('$password', PASSWORD_BCRYPT);
    return $hash;
}
Any advice would be very helpful.
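
The following is an added example, not code from the original post. It checks two things visible in the question: the value echoed for $valid is 50 characters long while a bcrypt hash is 60, and SHP() passes '$password' in single quotes. The helper name diagnoseHash() and the 50-character cut, which stands in for a too-short database column, are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): two reasons password_verify()
// can reject a correct password when the hash comes from password_hash().

// Hypothetical helper: report structural problems with a stored bcrypt hash.
function diagnoseHash(string $stored): array
{
    $problems = [];
    if (strlen($stored) !== 60) {
        $problems[] = sprintf(
            'length is %d, bcrypt hashes are 60 characters (column too short?)',
            strlen($stored)
        );
    }
    // password_get_info() reports 'unknown' for anything that is not a
    // well-formed hash produced by password_hash().
    if (password_get_info($stored)['algoName'] !== 'bcrypt') {
        $problems[] = 'not recognised as a bcrypt hash';
    }
    return $problems;
}

$password = '123'; // constructed sample, same password as in the question

// Single quotes are not interpolated: this hashes the 9-character literal
// string "$password", not the value held in the variable.
$literalHash = password_hash('$password', PASSWORD_BCRYPT);
// Passing the variable itself hashes its value.
$valueHash = password_hash($password, PASSWORD_BCRYPT);

echo 'value vs. hash of literal:   ';
var_dump(password_verify($password, $literalHash));
echo 'literal vs. hash of literal: ';
var_dump(password_verify('$password', $literalHash));
echo 'value vs. hash of value:     ';
var_dump(password_verify($password, $valueHash));

// Assumption: the column keeps only the first 50 characters of the hash.
$truncated = substr($valueHash, 0, 50);
echo 'value vs. truncated hash:    ';
var_dump(password_verify($password, $truncated));

echo "problems with truncated hash:\n";
print_r(diagnoseHash($truncated));
echo "problems with full hash:\n";
print_r(diagnoseHash($valueHash));
```

Running diagnoseHash() on the value read back from the database, before it reaches password_verify(), separates a storage problem from a hashing problem.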