0

I'm having an issue getting password_verify to validate the password.

I have the password stored in the database using 

password_hash($password, PASSWORD_DEFAULT)

On the login page, I have the user enter their username and password and retrieve the input via the post method $_POST['pwd'] (which is the user's input for the password).

I then retrieve the hashed password from the database and check it against the password from the login 

if(password_verify($password, $results['password']))

I can't seem to figure out why the password never seems to match. I've read filter/escape can affect password_verify() and changed that as well and got the same result. Any help would be appreciated.

    <?PHP 
     include('connection.php');

    if(isset($_POST['submit'])){
    $username = trim(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
    $password = trim(filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING));
    $sql = $db->query("SELECT password FROM users WHERE username = '$username'");
    $results = $sql->fetch(PDO::FETCH_ASSOC);

    $savedHash =  $results['password'];

    //echo $savedHash;

    if(password_verify($password, $savedhash)){
    echo "yes " . $password;
    }else{
    echo "no";
    }         
    ?>
Phil
  • 157,677
  • 23
  • 242
  • 245
Silverback
  • 21
  • 8
  • 3
    Other than using `trim()`, I wouldn't perform any filtering or transformation of any kind on the posted `pwd` value – Phil Apr 28 '20 at 23:47
  • @mario in the interest of keeping OP's blood pressure down, could you explain how that's a relevant duplicate? – Phil Apr 28 '20 at 23:48
  • 4
    @Phil Because of the notice. (Variable names / case-sensitivity) – mario Apr 28 '20 at 23:49
  • @mario ah, nicely spotted. To point out the obvious, `$savedHash` is not the same as `$savedhash` – Phil Apr 28 '20 at 23:50
  • even with that typo fixed the problem is still the same. That was a mistake I made from trying to figure out the problem. @phil – Silverback Apr 29 '20 at 00:57
  • @Silverback please make sure you [follow the instructions above](https://stackoverflow.com/questions/845021/how-can-i-get-useful-error-messages-in-php) to get better error reporting enabled. Then, please [update your question](https://stackoverflow.com/posts/61491757/edit) to match your current code. If you can do all that and are still having issues, we can try and get your question re-opened – Phil Apr 29 '20 at 00:59

0 Answers0