Php Programmers,
Why does the password_verify keep failing ? I checked the myql tbl column name (passwords) and there is no typo.
The $query is able to get the $result querying the db ($result = true).
The password_verify is in this format:
password_verify(User Input Password, Password found in D?.
[code]
if (password_verify($password, (string)$row[‘passwords’]))
I type casted the 2nd param of password_verify because it was giving error before:
Fatal error: Uncaught TypeError: password_verify() expects parameter 2 to be string, null given in /home/user/public_html/php/login.php:64 Stack trace: #0 /home/user/public_html/php/login.php(64): password_verify(‘password’, NULL) #1 {main} thrown in /home/luser/public_html/php/login.php on line 64
After type casting the error is gone. But new problem. I get echoed that, the password_verify failed. I created a condition ith the echo to echo that if the password_verify fails:
[code]
if (password_verify($password, $row[‘passwords’]))
{
$_SESSION[“user”] = $username;
header(“location:home.php?user=$username”);
}
else
{
echo “‘password_verify’ function failed!”;
exit();
}
Here, the full code:
[code]
<?php
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set(‘display_errors’, ‘1’);
ini_set(‘display_startup_errors’, ‘1’);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include ‘config.php’;
// check if user is already logged in
if (is_logged() === true)
{
//Redirect user to homepage page after 5 seconds.
header(“refresh:5;url=home.php”);
exit; //
}
if ($_SERVER[‘REQUEST_METHOD’] == “POST”)
{
if (isset($_POST[“login_username”]) && isset($_POST[“login_password”]))
{
$username = trim($_POST[“login_username”]); //
$password = trim($_POST[“login_password”]); //
$hashed_password = password_hash($_POST[“login_password”], PASSWORD_DEFAULT);
//Select Username or Email to check against Mysql DB if they are already registered or not.
$stmt = mysqli_stmt_init($conn);
$stmt = mysqli_prepare($conn, “SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE usernames = ?”);
mysqli_stmt_bind_param($stmt, ‘s’, $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // … this line. But not both.
$row = mysqli_stmt_fetch($stmt);
printf(“%s (%s)n”,$row[“usernames”],$row[“passwords”]);
echo “var_dump(result)”;var_dump($result)?><br><?php //On experiment, this showing as: () bool(true);
if ($result == false)
{
echo “Incorrect Login Details!”;
echo “$result == false”;
exit();
}
elseif ($row[‘accounts_activations_statuses’] == ‘0’)
{
{
echo “You have not activated your account! Check your email for instructions.”;
exit();
}
}
else
{
echo ‘$result == True’; //for debugging purpose
echo “‘Hashed Password from Data Base:’ $db_password<br>”; //for debugging purpose
}
if (password_verify($password, $row[‘passwords’]))
{
$_SESSION[“user”] = $username;
header(“location:home.php?user=$username”);
}
else
{
echo “‘password_verify’ function failed!”;
exit();
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Login Page</title>
<meta charset=”utf-8″>
</head>
<body>
<div class = “container”>
<form method=”post” action=””>
<center><h3><?php $site_name ?> Login Form</h3></center>
<div class=”text-danger”>
<div class=”form-group”>
<center><label>Username:</label>
<input type=”text” placeholder=”Enter Username” name=”login_username” value=””</center>
</div>
<div class=”form-group”>
<center><label>Password:</label>
<input type=”password” placeholder=”Enter password” name=”login_password” value=””></center>
</div>
<div class=”form-group”>
<center><input type=”submit” name=”login_submit” value=”Login” class=”button button-success” /></center>
</div>
</form>
</div>
</body>
</html>
What is causing the password_verify to fail the verification ?