So, in my login form I'm using this logic for password verification:
    if($stmt->rowCount() == 1){
        if($row = $stmt->fetch()){
            $hashed_password = $row['user_password'];
            if(password_verify($password, $hashed_password)){
                /* Password is correct, so start a new session and save the username to the session */
                session_start();
                $_SESSION['username'] = $username;
                header('location: welcome.php');
                exit; // stop the script so nothing runs after the redirect
            } else {
                // Display an error message if password is not valid
                $password_err = 'The password you entered was not valid.';
            }
        }
    }
Here is how I'm storing passwords:
    // Validate Password
    if(empty(trim($_POST['password']))){
        $password_err = "Please enter a password.";
    } elseif(strlen(trim($_POST['password'])) < 6) {
        $password_err = "Password must have atleast 6 characters.";
        $password = $_POST['password'];
    } else {
        $password = trim($_POST['password']);
    }
and
    if(empty($username_err) && empty($password_err) && empty($confirm_password_err) && empty($email_err)){
        $user_name = $_POST['name'];
        $sql = "INSERT INTO user (username, user_name, user_password, user_email) VALUES (:username, :user_name, :password, :email)";
        if($statement = $connect->prepare($sql)){
            // Hash the validated password before it is bound to the statement
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT);
            $param_user_email = $email;
            $param_user_name = $_POST['name'];
            $statement->bindValue(':username', $param_username);
            $statement->bindValue(':password', $param_password);
            $statement->bindValue(':user_name', $param_user_name);
            $statement->bindValue(':email', $param_user_email);
            if($statement->execute()){
                header("location: login.php");
                exit; // stop the script so nothing runs after the redirect
            } else {
                echo "Something went wrong. Please try again later.";
            }
        }
    }
If I'm trying to log in, it is showing the password not correct error. Is there anything wrong in the logic?
The code pasted above is not complete. I just pasted the password comparison logic.
Edit: It is not a duplicate. The last one was a registration form and this one is a login form.
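
A diagnostic check for the symptom described in this question, added here as an example and not code from the post: it tests two things the pasted snippets leave open, whether the `user_password` column returns the complete hash, and whether login compares the same bytes that registration hashed after `trim()`. The function name `diagnose_login`, the sample password and the 50-character truncation are assumptions made for illustration.

```php
<?php
// Added diagnostic example; not the poster's code.
// The sample password and the 50-character column width are constructed.

/** Explain why password_verify() accepts or rejects $input against $stored. */
function diagnose_login(string $input, string $stored): string
{
    if (password_verify($input, $stored)) {
        return 'ok';
    }

    // A hash cut short by a narrow column is no longer recognised as any
    // known algorithm, so password_verify() can never succeed against it.
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return 'stored hash is malformed or truncated (length ' . strlen($stored) . ')';
    }

    // Registration hashed trim($_POST['password']); the login side has to
    // compare exactly the same bytes.
    if ($input !== trim($input) && password_verify(trim($input), $stored)) {
        return 'input differs from the registered password only by surrounding whitespace';
    }

    return 'password does not match';
}

// What the registration code above ends up hashing.
$registered = trim('  s3cret-pass ');
$hash = password_hash($registered, PASSWORD_DEFAULT);

// Case 1: full hash read back, same bytes submitted at login.
echo diagnose_login('s3cret-pass', $hash), "\n";

// Case 2: hash as it would come back from a column only 50 characters wide.
echo diagnose_login('s3cret-pass', substr($hash, 0, 50)), "\n";

// Case 3: login input that was not trimmed the way registration trimmed it.
echo diagnose_login(' s3cret-pass ', $hash), "\n";
```

The PHP manual recommends a 255-character column for `password_hash()` output, since `PASSWORD_DEFAULT` may produce longer hashes in future versions.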