php decrypt password does not work

Question

encrypt the password in the database with the following code:

$pas = $_POST['password'];    
$pass = password_hash($pas, PASSWORD_BCRYPT);

in the solucioncontroller.php I try to verify the encrypted password but it does not work

class solucionController {
include_once 'model/solucion.php';

public function Login()
{
    $solucion = new solucion();
    if (isset($_POST["login"]) && isset($_POST["password"]))
    {
        $login = htmlentities(addslashes($_POST["login"]));
        $password = htmlentities(addslashes($_POST["password"]));
        $solucion = $this->model->Logeo($login, $password);
        $pass= $this->model->getpass();
        if (password_verify($password, $pass)&&$solucion == 1)
        {
            setcookie('usuario', $login, time() + 3600);
            session_start();
            $_SESSION["Usuario"] = $login;
            header("Location: view/header.php");
            header("Location: view/solucion/solucion.php");
            header("Location: view/Footer.php");
        }
    }
    header('Location: index.php');
    return;
}
}

in the model solucion.php I search for the user and the password entered in the login view

class solucion {
public $res;

public function Logeo($login, $pass)
{
    try {
        $sql = "SELECT * FROM logeo WHERE usuario = :login AND pass = :password";
        $resultado = $this->pdo->prepare($sql);
        $resultado->bindValue(":login", $login);
        $resultado->bindValue(":password", $pass);
        $resultado->execute();
        $numero_registro = $resultado->rowCount();
        if ($numero_registro != 0)
        {  
            return 1;
        }
       $this->res = $resultado->fetch(PDO::FETCH_ASSOC);
    } catch (Exception $e) {
        die($e->getMessage());
    }
}
}

public function getpass(){
    return $this->res['pass'];
}

in the login view is the form where you enter the username and password

<?php 
if(isset($_COOKIE['usuario'])){
require 'view/solucion/solucion.php';
}
else{


?>
<a class="btn btn-success pull-right" href="?c=solucion&a=Invitado">Invitado</a>
<h1>Introduce tus datos</h1>
    <form action="?c=solucion&a=Login" method="post">
        <div class="container">
        <label for="login"><b>Username</b></label>
<input type="text" placeholder="Ingrese usuario" name="login" required>
<label for="password"><b>Password</b></label>
<input type="password" placeholder="Ingrese Contraseña" name="password" required>
<button type="submit">Login</button>             
            </div>
        </form>
<?php }?>

when entering the username and password, the data is deleted and I remain in the login view

Answer 1

You should fetch data using usuario only not using usuario and pass from database. Because password saved in database is hashed and can't be compared with simple text password entered by user. Change the model code as below:

class solucion {

    public $res;

    public function Logeo($login, $pass) {
        try {
            $sql = "SELECT * FROM logeo WHERE usuario = :login";
            $resultado = $this->pdo->prepare($sql);
            $resultado->bindValue(":login", $login);
            $resultado->execute();
            $numero_registro = $resultado->rowCount();
            if ($numero_registro != 0) {
                return 1;
            }
            $this->res = $resultado->fetch(PDO::FETCH_ASSOC);
        } catch (Exception $e) {
            die($e->getMessage());
        }
    }
}

public function getpass() {
    return $this->res['pass'];
}

Also need to get password from request as:

$password = $_POST["password"];

instead of

$password = htmlentities(addslashes($_POST["password"]));