Problem with authentication error with password verify

Question

I'm trying to implement passwordverify in the PDO syntax of php. I have my passwords hashed when registered. When I click on login this error pops up

Parse error: syntax error, unexpected ';', expecting ',' or ')' in C:\xampp\htdocs\try\authenticate.php on line 25

This is my authenticate.php

<?php 
    require 'database-config.php';

    session_start();

    $username = "";
    $password = "";

    if(isset($_POST['username'])){
        $username = $_POST['username'];
    }
    if (isset($_POST['password'])) {
        $password = $_POST['password'];

    }

    echo $username ." : ".$password;

    $q = 'SELECT * FROM isalonusers WHERE username=:username AND password=:password';

    $query = $dbh->prepare($q);



    $query->execute(array(':username' => $username, ':password' => password_verify($_POST['password'], $password['password']));


    if($query->rowCount() == 0){
        header('Location: index.php?err=1');
    }else{

        $row = $query->fetch(PDO::FETCH_ASSOC);

        session_regenerate_id();
        $_SESSION['sess_user_id'] = $row['id'];
        $_SESSION['sess_username'] = $row['username'];
        $_SESSION['sess_name'] = $row['name'];
        $_SESSION['sess_phone_number'] = $row['phone_number'];
        $_SESSION['sess_gender'] = $row['gender'];
        $_SESSION['sess_address'] = $row['address'];
        $_SESSION['sess_occupation'] = $row['occupation'];
        $_SESSION['sess_birth_date'] = $row['birth_date'];
        $_SESSION['sess_userrole'] = $row['user_type'];

        echo $_SESSION['sess_userrole'];
        session_write_close();

        if( $_SESSION['sess_userrole'] == "admin"){
            header('Location: adminhome.php');
        }else{
            header('Location: index.php?err=1');
        }


    }


?>

What is my syntax error for verifying my password?

Thanks sir Jon Stirling.The verification still didnt go through.now it goes to the error handler. My logic in the syntax is wrong and I don't know what to change :( — shiela mekelele, Feb 01 '19 at 17:31
@shielamekelele Fetch the stored password based on the submitted user, _then_ verify against the submitted password. — Patrick Q, Feb 01 '19 at 17:34
This lacks enough debugging details (`var_dump` all the things) to tell what's going on. Read up on proper password_hash/verify usage, instead of using plain passowrds in the db (which is what this looks like). — mario, Feb 01 '19 at 17:36

Nagender · Answer 1 · 2019-02-01T17:48:27.273

-1

$query->execute(array(':username' => $username, ':password' => password_verify($_POST['password'], $password['password'])));

missing ) in line 25

update

http://php.net/manual/en/function.password-verify.php

according to documentation password_verify will give boolean. all you have to do hash the user input password then compare with db password. like below.

$query->execute(array(':username' => $username, ':password' => $user_input_hashed_password));

edited Feb 01 '19 at 17:48

answered Feb 01 '19 at 17:32

Nagender

47
1
2
6

Thanks sir, I have already fixed this issue too. but the verification still doesn't go. I have something in my syntax wrong and I can't point it out. I have selected the table, my password there is hashed. My thoughts is to make a variable hashedPass then = passwordverify(the password inputted, the password in database). How can I do it sir? – shiela mekelele Feb 01 '19 at 17:36

Problem with authentication error with password verify

1 Answers1