I try to save the encrypted password in MySQL, and for part of the registry it works as it should, when I try to make a login, to the south.
I cannot check $ _POST ['password'] for a hash stored in MySQL. I have no idea what I'm doing wrong.
Here is my register.php, which works as it should:
register.php (working)
$post_password = mysqli_real_escape_string($_POST['password']);
$password_hash = password_hash($post_password, PASSWORD_BCRYPT);
mysqli_query goes here...
login.php (does not work)
$con = mysqli_connect("XXX","XXX","XXX","XXX");
$post_username = mysqli_real_escape_string($con,$_POST['username']);
$post_password = mysqli_real_escape_string($con,$_POST['password']);
$getHash = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM anvandare WHERE username = '$post_username'"));
$got_Hash = $getHash['password'];
if (password_verify($post_password, $got_Hash)) {
echo "The posted password matches the hashed one";
}
else {
echo "The posted password does not match the hashed one";
}
When I run the code above, I get the "Fix Password" message by simply entering the username and leaving the password field.
What am I missing?
user4483652
source
share