PHP - password_verify crashes when passwords dont match :(

Question

I am having a problem with php password_verify, when the passwords match everything works as expected, when the password do not match, it seems like everything crashes, I added some echo's before and after the condition, when they do not match the next echo does not hit.

if(password_verify($current_password, $hashed_password)){

                            if($stmt = mysqli_prepare($link, $sql)){

                                mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);

                                $param_password = password_hash($password, PASSWORD_DEFAULT);
                                $param_id = $id;

                                if(!mysqli_stmt_execute($stmt)){
                                    $resultsArray['response'] = "Something went wrong. Please try again later.";
                                }
                                else
                                {
                                    $resultsArray['response'] = 'Your password has been updated.';
                                }

                                mysqli_stmt_close($stmt);
                            }
                            else
                            {
                                $returnArray['response'] = "Something went wrong. Please try again later.";
                            }
                        }
                        else
                        {

                            $returnArray['response'] = 'Current password does not match.';

                        }

Here is my full method:

function updateUsersSettingsPassword($link, $id, $current_password, $password)
    {
        $resultsArray['response'] = "";

        $sqlCheck = "SELECT password, username FROM ClientValidations WHERE idClient = ?";

        $sql = "UPDATE ClientValidations SET password = ? WHERE idClient = ?";

        if($stmtCheck = mysqli_prepare($link, $sqlCheck)){

            mysqli_stmt_bind_param($stmtCheck, "i", $param_id_check);

            $param_id_check = $id;

            if(mysqli_stmt_execute($stmtCheck)){

                mysqli_stmt_store_result($stmtCheck);

                if(mysqli_stmt_num_rows($stmtCheck) == 1){                    

                    mysqli_stmt_bind_result($stmtCheck, $hashed_password, $username);

                    if(mysqli_stmt_fetch($stmtCheck)){

                        if(password_verify($current_password, $hashed_password)){

                            if($stmt = mysqli_prepare($link, $sql)){

                                mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);

                                $param_password = password_hash($password, PASSWORD_DEFAULT);
                                $param_id = $id;

                                if(!mysqli_stmt_execute($stmt)){
                                    $resultsArray['response'] = "Something went wrong. Please try again later.";
                                }
                                else
                                {
                                    $resultsArray['response'] = 'Your password has been updated.';
                                }

                                mysqli_stmt_close($stmt);
                            }
                            else
                            {
                                $returnArray['response'] = "Something went wrong. Please try again later.";
                            }
                        }
                        else
                        {

                            $returnArray['response'] = 'Current password does not match.';

                        }
                    }
                    else
                    {
                        $returnArray['response'] = "Something went wrong. Please try again later.";
                    }

                } else{

                    $returnArray['response'] = "Something went wrong. Please try again later.";
                }

            }else{

                $returnArray['response'] = "Something went wrong. Please try again later.";

            }

            mysqli_stmt_close($stmtCheck);

        }
        else
        {
            $returnArray['response'] = "Something went wrong. Please try again later.";
        }

        return $resultsArray;
    }

What I am expecting when the passwords do not match for $returnArray['response'] to equal 'Current password does not match.';

What am I doing wrong?

Does show error? If yes what is it. And what is the output wheb password does not match? — Mohd Alomar, Oct 02 '19 at 04:57
Did you enable showing errors? - https://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings — Dave S, Oct 02 '19 at 04:59
might as well delete this then since it won't help anyone else with a PHP password problem. — Dave S, Oct 02 '19 at 05:00
Are you aware that when passwords matches, you are returning `$resultsArray` and when they don't you are returning `$returnArray`? That's probably why you can't view any text, unless you are echoing both variables, which you probably are not doing. — user3153340, Oct 02 '19 at 05:06

PHP - password_verify crashes when passwords dont match :(

0 Answers0