password_verify() always return false
1
I am a newbie and I was trying to create a login system using PHP and Mysql. After finishing registration form and adding few users, I was trying to create a login form. but it always returns false saying my your Your username or password is incorrect!. Below is my code. It will be great if someone could help me. Advance sorry if my doubt is tooo basic :/
<?php
session_start();
include '.includesfunctionsdb.php';
?>
<?php
$username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
$password = strtolower(mysqli_real_escape_string($db, $_POST['password']));
$sql = "SELECT * FROM users WHERE username = '$username' ";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['password'];
echo $hash_pwd;
echo $password;
$hash = password_verify($password, $hash_pwd);
if ($hash ==0)
header("Location: ./index.php?error=check");
exit();
else
$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 0)
echo "Your username or password is incorrect!";
else
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
//header("Location: ./index.php");
?>
and my registration page is as follows
<?php
//This Page is for registration of users
?>
<?php
// this php tag is for all includes
include '.includesfunctionsdb.php';
?>
<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"]))
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$date = date('Y-m-d H:i:s');
//Encrypting and Securing recieved data
$username = strtolower(mysqli_real_escape_string($db, $username));
$firstname = strtolower(mysqli_real_escape_string($db, $firstname));
$lastname = strtolower(mysqli_real_escape_string($db, $lastname));
$email = strtolower(mysqli_real_escape_string($db, $email));
$password = strtolower(mysqli_real_escape_string($db, $password));
$encryptedpassword = password_hash($password, PASSWORD_DEFAULT);
//To check duplication of email ids
$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db, $sql);
$row = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found
//To check duplication of usernames
$sql2 = "SELECT username FROM users WHERE username='$username'";
$result2 = mysqli_query($db, $sql2);
$row2 = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found
//conditions to check what all duplicates are found
if($row > 0 && $row2 >0)
echo "Sorry...This email id and username is already taken!!!";
elseif ($row > 0 )
echo "Sorry...This email id is already taken!";
elseif ($row2 > 0)
echo "Sorry...This Username is already taken!";
else
$query = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
if($query)
echo "Thank You! you are now registered.";
?>
php mysql login
edited Nov 16 '16 at 16:47
chris85
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
|
show 16 more comments
1
I am a newbie and I was trying to create a login system using PHP and Mysql. After finishing registration form and adding few users, I was trying to create a login form. but it always returns false saying my your Your username or password is incorrect!. Below is my code. It will be great if someone could help me. Advance sorry if my doubt is tooo basic :/
<?php
session_start();
include '.includesfunctionsdb.php';
?>
<?php
$username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
$password = strtolower(mysqli_real_escape_string($db, $_POST['password']));
$sql = "SELECT * FROM users WHERE username = '$username' ";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['password'];
echo $hash_pwd;
echo $password;
$hash = password_verify($password, $hash_pwd);
if ($hash ==0)
header("Location: ./index.php?error=check");
exit();
else
$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 0)
echo "Your username or password is incorrect!";
else
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
//header("Location: ./index.php");
?>
and my registration page is as follows
<?php
//This Page is for registration of users
?>
<?php
// this php tag is for all includes
include '.includesfunctionsdb.php';
?>
<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"]))
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$date = date('Y-m-d H:i:s');
//Encrypting and Securing recieved data
$username = strtolower(mysqli_real_escape_string($db, $username));
$firstname = strtolower(mysqli_real_escape_string($db, $firstname));
$lastname = strtolower(mysqli_real_escape_string($db, $lastname));
$email = strtolower(mysqli_real_escape_string($db, $email));
$password = strtolower(mysqli_real_escape_string($db, $password));
$encryptedpassword = password_hash($password, PASSWORD_DEFAULT);
//To check duplication of email ids
$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db, $sql);
$row = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found
//To check duplication of usernames
$sql2 = "SELECT username FROM users WHERE username='$username'";
$result2 = mysqli_query($db, $sql2);
$row2 = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found
//conditions to check what all duplicates are found
if($row > 0 && $row2 >0)
echo "Sorry...This email id and username is already taken!!!";
elseif ($row > 0 )
echo "Sorry...This email id is already taken!";
elseif ($row2 > 0)
echo "Sorry...This Username is already taken!";
else
$query = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
if($query)
echo "Thank You! you are now registered.";
?>
php mysql login
edited Nov 16 '16 at 16:47
chris85
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
4
sighstrtolower(mysqli_real_escape_string($db, $_POST['password']));is a bad start. Please show your password_hash code too where you store it in the DB.
– Jon Stirling
Nov 16 '16 at 16:44
1
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
1
MySQL is (typically) case-insensitive, so yourstrtolowercalls are unnecessary. Additionally, if my password werePassWordbut I could log in withPaSsWoRd, you would be getting a very serious talking-to.
– Niet the Dark Absol
Nov 16 '16 at 16:50
1
password_verifyreturns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case,password_verifyseems to be returning true, so the password was correct.
– Jon Stirling
Nov 16 '16 at 16:54
1
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57
|
show 16 more comments
1
1
1
I am a newbie and I was trying to create a login system using PHP and Mysql. After finishing registration form and adding few users, I was trying to create a login form. but it always returns false saying my your Your username or password is incorrect!. Below is my code. It will be great if someone could help me. Advance sorry if my doubt is tooo basic :/
<?php
session_start();
include '.includesfunctionsdb.php';
?>
<?php
$username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
$password = strtolower(mysqli_real_escape_string($db, $_POST['password']));
$sql = "SELECT * FROM users WHERE username = '$username' ";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['password'];
echo $hash_pwd;
echo $password;
$hash = password_verify($password, $hash_pwd);
if ($hash ==0)
header("Location: ./index.php?error=check");
exit();
else
$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 0)
echo "Your username or password is incorrect!";
else
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
//header("Location: ./index.php");
?>
and my registration page is as follows
<?php
//This Page is for registration of users
?>
<?php
// this php tag is for all includes
include '.includesfunctionsdb.php';
?>
<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"]))
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$date = date('Y-m-d H:i:s');
//Encrypting and Securing recieved data
$username = strtolower(mysqli_real_escape_string($db, $username));
$firstname = strtolower(mysqli_real_escape_string($db, $firstname));
$lastname = strtolower(mysqli_real_escape_string($db, $lastname));
$email = strtolower(mysqli_real_escape_string($db, $email));
$password = strtolower(mysqli_real_escape_string($db, $password));
$encryptedpassword = password_hash($password, PASSWORD_DEFAULT);
//To check duplication of email ids
$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db, $sql);
$row = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found
//To check duplication of usernames
$sql2 = "SELECT username FROM users WHERE username='$username'";
$result2 = mysqli_query($db, $sql2);
$row2 = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found
//conditions to check what all duplicates are found
if($row > 0 && $row2 >0)
echo "Sorry...This email id and username is already taken!!!";
elseif ($row > 0 )
echo "Sorry...This email id is already taken!";
elseif ($row2 > 0)
echo "Sorry...This Username is already taken!";
else
$query = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
if($query)
echo "Thank You! you are now registered.";
?>
php mysql login
edited Nov 16 '16 at 16:47
chris85
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
I am a newbie and I was trying to create a login system using PHP and Mysql. After finishing registration form and adding few users, I was trying to create a login form. but it always returns false saying my your Your username or password is incorrect!. Below is my code. It will be great if someone could help me. Advance sorry if my doubt is tooo basic :/
<?php
session_start();
include '.includesfunctionsdb.php';
?>
<?php
$username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
$password = strtolower(mysqli_real_escape_string($db, $_POST['password']));
$sql = "SELECT * FROM users WHERE username = '$username' ";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['password'];
echo $hash_pwd;
echo $password;
$hash = password_verify($password, $hash_pwd);
if ($hash ==0)
header("Location: ./index.php?error=check");
exit();
else
$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 0)
echo "Your username or password is incorrect!";
else
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
//header("Location: ./index.php");
?>
and my registration page is as follows
<?php
//This Page is for registration of users
?>
<?php
// this php tag is for all includes
include '.includesfunctionsdb.php';
?>
<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"]))
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$date = date('Y-m-d H:i:s');
//Encrypting and Securing recieved data
$username = strtolower(mysqli_real_escape_string($db, $username));
$firstname = strtolower(mysqli_real_escape_string($db, $firstname));
$lastname = strtolower(mysqli_real_escape_string($db, $lastname));
$email = strtolower(mysqli_real_escape_string($db, $email));
$password = strtolower(mysqli_real_escape_string($db, $password));
$encryptedpassword = password_hash($password, PASSWORD_DEFAULT);
//To check duplication of email ids
$sql = "SELECT email FROM users WHERE email='$email'";
$result = mysqli_query($db, $sql);
$row = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found
//To check duplication of usernames
$sql2 = "SELECT username FROM users WHERE username='$username'";
$result2 = mysqli_query($db, $sql2);
$row2 = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found
//conditions to check what all duplicates are found
if($row > 0 && $row2 >0)
echo "Sorry...This email id and username is already taken!!!";
elseif ($row > 0 )
echo "Sorry...This email id is already taken!";
elseif ($row2 > 0)
echo "Sorry...This Username is already taken!";
else
$query = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
if($query)
echo "Thank You! you are now registered.";
?>
php mysql login
php mysql login
edited Nov 16 '16 at 16:47
chris85
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
edited Nov 16 '16 at 16:47
chris85
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
edited Nov 16 '16 at 16:47
chris85
22.3k72343
edited Nov 16 '16 at 16:47
chris85
22.3k72343
edited Nov 16 '16 at 16:47
chris85
22.3k72343
22.3k72343
asked Nov 16 '16 at 16:44
RishadRishad
175110
asked Nov 16 '16 at 16:44
RishadRishad
175110
asked Nov 16 '16 at 16:44
RishadRishad
175110
175110
4
sighstrtolower(mysqli_real_escape_string($db, $_POST['password']));is a bad start. Please show your password_hash code too where you store it in the DB.
– Jon Stirling
Nov 16 '16 at 16:44
1
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
1
MySQL is (typically) case-insensitive, so yourstrtolowercalls are unnecessary. Additionally, if my password werePassWordbut I could log in withPaSsWoRd, you would be getting a very serious talking-to.
– Niet the Dark Absol
Nov 16 '16 at 16:50
1
password_verifyreturns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case,password_verifyseems to be returning true, so the password was correct.
– Jon Stirling
Nov 16 '16 at 16:54
1
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57
|
show 16 more comments
4
sighstrtolower(mysqli_real_escape_string($db, $_POST['password']));is a bad start. Please show your password_hash code too where you store it in the DB.
– Jon Stirling
Nov 16 '16 at 16:44
1
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
1
MySQL is (typically) case-insensitive, so yourstrtolowercalls are unnecessary. Additionally, if my password werePassWordbut I could log in withPaSsWoRd, you would be getting a very serious talking-to.
– Niet the Dark Absol
Nov 16 '16 at 16:50
1
password_verifyreturns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case,password_verifyseems to be returning true, so the password was correct.
– Jon Stirling
Nov 16 '16 at 16:54
1
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57
4
4
sigh
strtolower(mysqli_real_escape_string($db, $_POST['password'])); is a bad start. Please show your password_hash code too where you store it in the DB.– Jon Stirling
Nov 16 '16 at 16:44
sigh
strtolower(mysqli_real_escape_string($db, $_POST['password'])); is a bad start. Please show your password_hash code too where you store it in the DB.– Jon Stirling
Nov 16 '16 at 16:44
1
1
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
1
1
MySQL is (typically) case-insensitive, so your
strtolower calls are unnecessary. Additionally, if my password were PassWord but I could log in with PaSsWoRd, you would be getting a very serious talking-to.– Niet the Dark Absol
Nov 16 '16 at 16:50
MySQL is (typically) case-insensitive, so your
strtolower calls are unnecessary. Additionally, if my password were PassWord but I could log in with PaSsWoRd, you would be getting a very serious talking-to.– Niet the Dark Absol
Nov 16 '16 at 16:50
1
1
password_verify returns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case, password_verify seems to be returning true, so the password was correct.– Jon Stirling
Nov 16 '16 at 16:54
password_verify returns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case, password_verify seems to be returning true, so the password was correct.– Jon Stirling
Nov 16 '16 at 16:54
1
1
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57
|
show 16 more comments
1 Answer
1
active
oldest
votes
0
The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses
answered Nov 11 '18 at 23:09
RishadRishad
175110
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40637613%2fpassword-verify-always-return-false%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses
answered Nov 11 '18 at 23:09
RishadRishad
175110
add a comment |
0
The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses
answered Nov 11 '18 at 23:09
RishadRishad
175110
add a comment |
0
0
0
The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses
answered Nov 11 '18 at 23:09
RishadRishad
175110
The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses
answered Nov 11 '18 at 23:09
RishadRishad
175110
edited Nov 12 '18 at 5:25
answered Nov 11 '18 at 23:09
RishadRishad
175110
answered Nov 11 '18 at 23:09
RishadRishad
175110
answered Nov 11 '18 at 23:09
RishadRishad
175110
175110
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f40637613%2fpassword-verify-always-return-false%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
sigh
strtolower(mysqli_real_escape_string($db, $_POST['password']));is a bad start. Please show your password_hash code too where you store it in the DB.– Jon Stirling
Nov 16 '16 at 16:44
1
Why do you need the second query? You already know the hash came from the record you are querying..
– chris85
Nov 16 '16 at 16:49
1
MySQL is (typically) case-insensitive, so your
strtolowercalls are unnecessary. Additionally, if my password werePassWordbut I could log in withPaSsWoRd, you would be getting a very serious talking-to.– Niet the Dark Absol
Nov 16 '16 at 16:50
1
password_verifyreturns true is the password is correct or false if not, it doesn't return another hash for you to then compare. You're trying to force an old ideology onto the more recent API. In your case,password_verifyseems to be returning true, so the password was correct.– Jon Stirling
Nov 16 '16 at 16:54
1
Why do you have two different tables "users" and "user"? I believe you should have just one table "users". Check your SQL select queries.
– gradosevic
Nov 16 '16 at 16:57