How to verify password whith 2 different forms?

Question

I have 2 forms : one for Registration and one for Login ([not on the same page, one is a modal][1])

(That's why I did 2 issets at the beginning)

The Registration one is working.

However the Login doesn't work because a User can log in with any password.

I want to verify username/email and of course password. How can I do it ?

Thank you!

Here is my code :

    // REGISTRATION
    if (isset($_POST['reg_user']) || isset($_POST['login_user'])) {
        $username = mysqli_real_escape_string($db, $_POST['name']);
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $password = mysqli_real_escape_string($db, $_POST['password']);
        
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);

        $query = "SELECT * FROM utilisateur WHERE pseudoUtil='$username' OR mailUtil='$email'";
        $results = mysqli_query($db, $query);
        if(mysqli_num_rows($results) == 1){
            $_SESSION['message'] = "User already exists !"; 
        }
        else{
            mysqli_query($db, "INSERT INTO utilisateur (pseudoUtil, mailUtil, pwdUtil) VALUES ('$username', '$email', '$hashed_password')");
            $_SESSION['message'] = "Registration complete :)"; 
        }

        // LOGIN
        if (isset($_POST['login_user'])) {
                        
                
            $query2 = "SELECT $hashed_password FROM utilisateur WHERE pseudoUtil='$username' OR mailUtil='$email'";
            $results2 = mysqli_query($db, $query2);

            if(mysqli_num_rows($results2) == 1){
                $_SESSION['username'] = $username;
                header('location: index.php'); 
            }
            else{
            }
        }
    }
    else{
    }

  [1]: https://i.stack.imgur.com/fCdAV.png

Answer 1

registration needs to create the password hash and save it to the database, log in needs to pull the hash from the database and compare to the password

both of these tasks should be complete isolated from each other

this means your code should look more like this note this is an example only not tested as working

POST /register body: username=someone@some.where&password=123456789

function Register(){
    $stmt = $mysqli->prepare("SELECT count * as count FROM users WHERE email=?");
    $stmt->bind_param("s", $_POST["username"]);
    $stmt->execute();
    $result = $stmt->get_result();
    
    if($result->fetch_array(MYSQLI_ASSOC)["count"]>0)
    {
        return "User already exists"
    }
    else
    {
        $hash = password_hash($_POST["password"],PASSWORD_DEFAULT);
        $stmt = $mysqli->prepare("INSERT INTO users (username, hash) values (?,?)");
        $stmt->bind_param("ss", $_POST["username"], $hash);
        $stmt->execute();
        $result = $stmt->get_result();
        //either return success or set up as a successful login and perform login action
    }
 }

POST /login body: username=someone@some.where&password=123456789

 function Login(){
    $stmt = $mysqli->prepare("SELECT hash FROM users WHERE email=?");
    $stmt->bind_param("s", $_POST["username"]);
    $stmt->execute();
    $result = $stmt->get_result();
    
    if(password_verify($_POST["password"], $result->fetch_array(MYSQLI_ASSOC)["hash"]))
    {
        //do successful login 
    }
    else
    {
        //log in failed
    }
 }