-2

I hash the password before it is stored in the DB. When I want to get it back and compare it with the user input, I always get "password does not match". I tried a lot of fixes but nothing seems to work. Maybe the problem is with my syntax; I am not good with PHP.

```php
if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while ($row = mysqli_fetch_assoc($result)) {
        if (password_verify($RegisteredPass, $row['pass'])) {
            echo "tchd";
            echo "ID:".$row['id'] ."|Name:".$row['name']. "|User:".$row['user'];
        } else {
            echo "pass doesn`t match";
        }
    }
} else {
    echo "user not found";
}
```

Hashing password

```php
$hassedPassword = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
```

I am not very concerned about security, because it is just for a project. I just need to make it work.

Edit

I changed the while loop as it was in the "duplicate", but it still does not work. Any ideas why?

```php
$sql = "SELECT pass, id, name, user FROM unityTut WHERE user='".$RegisterUser."'";

$result = $conn->query($sql);
if ($result->num_rows === 1) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (password_verify($RegisteredPass, $row['pass'])) {
        // Password matches, so create the session
        echo "Match";
    } else {
        echo "The username or password do not match";
    }
}
```

halfer
  • 2
    What is the datatype and length of your password field in your database table? – Brian Gottier Dec 19 '17 at 16:07
  • 3
    Where does `$RegisteredPass` come from? – RiggsFolly Dec 19 '17 at 16:07
  • Are you sure the password is correctly stored into the DB? And with "correctly stored" I mean that the password field is a `VARCHAR(255)` – Brigo Dec 19 '17 at 16:07
  • If you are not that interested in security, why are you increasing the `cost` value from its default of 10 – RiggsFolly Dec 19 '17 at 16:09
  • here is a similar example https://stackoverflow.com/questions/26536293/php-password-hash-password-verify – Leo Dec 19 '17 at 16:10
  • Why are you fetching the row in a while loop. I would expect if you are checking the password it would be for a single specific user. Maybe you should show us the query that gets the results you are processing – RiggsFolly Dec 19 '17 at 16:11
  • So, the field in the DB was not VARCHAR(255), but it is now. $RegisteredPass comes from C#, from the user. I will change the cost to a lower value, but it is not a problem now – Tomáš Tom Haverla Dec 19 '17 at 16:14
  • Check out https://stackoverflow.com/questions/28729759/php-password-verify-not-working-with-database and https://stackoverflow.com/questions/26536293/php-password-hash-password-verify?noredirect=1&lq=1 solutions – Martin Dec 19 '17 at 16:18
  • Possible duplicate of [PHP password\_hash(), password\_verify()](https://stackoverflow.com/questions/26536293/php-password-hash-password-verify) – Martin Dec 19 '17 at 16:18
  • 3
    `I am not very concern about security, because it is just for a project. I just need to make it work.` You should get marked down for this attitude. It means when security *is* a concern you're tempted to make shortcuts or you fall into issues you would otherwise have resolved by learning the correct methods before it's critical. – Martin Dec 19 '17 at 16:20
  • Re your Edit. Good. This shows the problem is almost certainly your character set or your Database. Please show `SHOW CREATE TABLE` to output the structure of your MySQL – Martin Dec 19 '17 at 16:28
  • @Martin I am not sure what you want me to show. Do you need to see structure of my table user ? https://ibb.co/hMtsEm ? – Tomáš Tom Haverla Dec 19 '17 at 16:43
  • @TomášTomHaverla yes, please edit your Q and add that graphic. Cheers – Martin Dec 19 '17 at 16:48
  • @TomášTomHaverla also show us where you set `$RegisteredPass` – Martin Dec 19 '17 at 16:49

1 Answer

1

So it works now!

Code for login:

```php
$sql = "SELECT pass, id, name, user FROM unityTut WHERE user='".$RegisterUser."'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (password_verify($RegisteredPass, $row['pass'])) {
        echo "Match";
    } else {
        echo "The username or password do not match";
    }
// ...
```

VARCHAR(255) seems to do the trick, but I had to delete all records and register a new user. That seems to do the trick too.

Tom Aranda
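
The failure discussed in this thread, reproduced offline as an added example (not code from the question or the answer): a hash cut short by a narrow column never verifies, which is why rows stored before the change to `VARCHAR(255)` had to be re-registered. The 50-character width, the sample password and the helper names `stored_hash_status` and `check_login` are assumptions; `check_login` uses a bound parameter for the `unityTut` lookup instead of concatenating the user name into the SQL.

```php
<?php
// Added example (not from the original post). The 50-character width is an
// assumed stand-in for a too-short column; the page does not give the old width.

// Classify a stored value: a complete password_hash() result is recognised by
// password_get_info(); a truncated one is reported with algoName "unknown".
function stored_hash_status(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return 'invalid (length ' . strlen($stored) . '): re-register or reset';
    }
    return 'ok (' . $info['algoName'] . ')';
}

// Login lookup with a bound parameter instead of string concatenation.
// Table and column names are the ones used on the page.
function check_login(mysqli $conn, string $user, string $pass): bool
{
    $stmt = $conn->prepare('SELECT pass FROM unityTut WHERE user = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch() === true;
    $stmt->close();
    // A truncated hash can never verify, whatever password is supplied.
    return $found && password_verify($pass, $stored);
}

// Constructed sample data: hash a password, then cut it as a short column would.
$password  = 'correct horse';                 // constructed sample value
$full      = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
$truncated = substr($full, 0, 50);            // assumed VARCHAR(50) column

echo strlen($full), ' chars: ', stored_hash_status($full), PHP_EOL;
echo strlen($truncated), ' chars: ', stored_hash_status($truncated), PHP_EOL;
var_dump(password_verify($password, $full));
var_dump(password_verify($password, $truncated));
```

Running `stored_hash_status()` over the existing `pass` values shows which accounts were stored while the column was too short and need a new registration or a password reset.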