I know I registered ” 1 ” as the password but as I check the password stored in the DB using password_verify(), it can’t be recognized correctly. Can someone point out what I did wrong? If I use md5() or sha1() it works fine but I know, this is a more secure implementation of hashing password.
handleForms.php
if (isset($_POST['registerUserBtn'])) {
$username = sanitizeInput($_POST['username']);
$first_name = sanitizeInput($_POST['first_name']);
$last_name = sanitizeInput($_POST['last_name']);
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
if (!empty($username) && !empty($first_name) && !empty($last_name) && !empty($password) && !empty($confirm_password)) {
if ($password == $confirm_password) {
$insertQuery = insertNewUser($pdo, $username, $first_name,
$last_name, password_hash($_POST['password'], PASSWORD_DEFAULT));
if ($insertQuery) {
header("Location: ../login.php");
}
else {
header("Location: ../register.php");
}
}
else {
$_SESSION['message'] = "Please make sure that both passwords are equal";
header("Location: ../register.php");
}
}
else {
$_SESSION['message'] = "Please make sure that all input fields are not empty!";
header("Location: ../register.php");
}
}
if (isset($_POST['loginUserBtn'])) {
$username = sanitizeInput($_POST['username']);
$password = $_POST['password'];
if (!empty($username) && !empty($password)) {
$loginQuery = loginUser($pdo, $username, $password);
$userIDFromDB = $loginQuery['user_id'];
$usernameFromDB = $loginQuery['username'];
$passwordFromDB = $loginQuery['password'];
echo "WHAT YOU TYPED: " . $password . "<br>";
echo "FROM THE DB: " . $passwordFromDB . "<br>";
if (password_verify($password, $passwordFromDB)) {
echo "YES EQUAL";
}
else {
echo "NOT EQUAL";
}
}
else {
$_SESSION['message'] = "Please make sure the input fields
are not empty for the login!";
header("Location: ../login.php");
}
}
models.php
function insertNewUser($pdo, $username, $first_name, $last_name, $password) {
$checkUserSql = "SELECT * FROM user_accounts WHERE username = ?";
$checkUserSqlStmt = $pdo->prepare($checkUserSql);
$checkUserSqlStmt->execute([$username]);
if ($checkUserSqlStmt->rowCount() == 0) {
$sql = "INSERT INTO user_accounts (username, first_name, last_name, password) VALUES(?,?,?,?)";
$stmt = $pdo->prepare($sql);
$executeQuery = $stmt->execute([$username, $first_name, $last_name, $password]);
if ($executeQuery) {
$_SESSION['message'] = "User successfully inserted";
return true;
}
else {
$_SESSION['message'] = "An error occured from the query";
}
}
else {
$_SESSION['message'] = "User already exists";
}
}
function loginUser($pdo, $username, $password) {
$sql = "SELECT * FROM user_accounts WHERE username=?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$username]);
if ($stmt->rowCount() == 1) {
$userInfoRow = $stmt->fetch();
return $userInfoRow;
}
}