1

I am doing a Registration / Login and I can't get hashed passwords to match.

if(isset($_POST["pass"])) {
  $pass = $_POST["pass"];
  $options = array('cost' => 11);
  $pass = password_hash("$pass", PASSWORD_BCRYPT, $options)."\n";    
} 

$sql2 = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)');
$sql2->execute(array(':email' => $email,':password' => $pass, ':nick' => $nick));

Hashed password has been entered in Database.

Now, how do I make the password in login match the one in databse?

if(isset($_POST["pass"])) {
  ? ? ? ? ?     
}



$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick AND Password=:password");
    $sql->bindParam(':nick', $_POST['lognick']);
    $sql->bindParam(':password', $pass);
    $sql->execute();

    if($row = $sql->fetch()){
        $_SESSION['lognick'] = $row['lognick'];
        $_SESSION['lognick'] = $_POST["lognick"];
        $_SESSION['time'] = time();
        header("Location: Logged.php");
}
else {
  $_SESSION['error'] .= "Pass and Nick don't match.  ";
  header("Location: Login.php");   
}

Any idea what to do ?

Improve this question
1

2 Answers 2

Reset to default
4

What you'll need to do is find the username in the database and retrieve the hash, then pass it to password_verify

$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick");
// PDO binds and execute here
if($row = $sql->fetch()) {
     if(!password_verify($_POST['password'], $row['Password']) { //login fail
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Look up the password hash and then check the entered password as follows:

if (password_verify($_POST['pass'], $row['Password'])) {
    // Logged in
} else {
    // Wrong password
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.