Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Why password_verify Not Passing The Verification ?

password_verify php

This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 uniqueideaman

uniqueideaman

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 57 posts

Posted 20 September 2017 - 05:48 AM

Php Programmers,
 
 
Why does the password_verify keep failing ? I checked the myql tbl column name (passwords) and there is no typo.
The $query is able to get the $result querying the db ($result = true).
The password_verify is in this format:
 
password_verify(User Input Password, Password found in DB).
if (password_verify($password, (string)$row['passwords']))
 
I type casted the 2nd param of password_verify because it was giving error before:
 
Fatal error: Uncaught TypeError: password_verify() expects parameter 2 to be string, null given in /home/user/public_html/php/login.php:64 Stack trace: #0 /home/user/public_html/php/login.php(64): password_verify('password', NULL) #1 {main} thrown in /home/luser/public_html/php/login.php on line 64
 
After type casting the error is gone. But new problem. I get echoed that, the password_verify failed. I created a condition ith the echo to echo that if the password_verify fails:
 
if (password_verify($password, $row['passwords']))
{
$_SESSION["user"] = $username;
header("location:home.php?user=$username"); 
}
else
{
echo "'password_verify' function failed!";
exit();
}
 
 
Here, the full code:

<?php
 
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 
include 'config.php';
 
// check if user is already logged in
if (is_logged() === true) 
{
//Redirect user to homepage page after 5 seconds.
header("refresh:5;url=home.php");
exit; //
}
 
 
if ($_SERVER['REQUEST_METHOD'] == "POST")
{ 
if (isset($_POST["login_username"]) && isset($_POST["login_password"]))
{
$username = trim($_POST["login_username"]); //
$password = trim($_POST["login_password"]); //
$hashed_password = password_hash($_POST["login_password"], PASSWORD_DEFAULT);
         
//Select Username or Email to check against Mysql DB if they are already registered or not.
 
$stmt = mysqli_stmt_init($conn);
        
$stmt = mysqli_prepare($conn, "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE usernames = ?"); 
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // ... this line. But not both.
$row = mysqli_stmt_fetch($stmt); 
 
 
printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
echo "var_dump(result)";var_dump($result)?><br><?php //On experiment, this showing as: () bool(true);
 
if ($result == false)
{
echo "Incorrect Login Details!";
echo "$result == false";
exit(); 
}
elseif ($row['accounts_activations_statuses'] == '0')
{
{
echo "You have not activated your account! Check your email for instructions.";
exit();
}
}
else
{
echo '$result == True'; //for debugging purpose
echo "'Hashed Password from Data Base:' $db_password<br>"; //for debugging purpose
}
 
if (password_verify($password, $row['passwords']))
{
$_SESSION["user"] = $username;
header("location:home.php?user=$username"); 
}
else
{
echo "'password_verify' function failed!";
exit();
}
}
}
 
?>
 
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3><?php $site_name ?> Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label>Username:</label>
<input type="text" placeholder="Enter Username" name="login_username" value=""</center>
</div>
<div class="form-group">
<center><label>Password:</label>
<input type="password" placeholder="Enter password" name="login_password" value=""></center>
</div>
<div class="form-group">
<center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center>
</div>
</form>
</div>
</body>
</html>
 

 
What is causing the password_verify to fail the verification ?