I hashed my password using this PHP function,
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
and everything looks fine in the database, but I cannot log in.
I tried this code for login but it won’t work
<?php require_once 'db.php';
// step 1 form submission check
if($_SERVER['REQUEST_METHOD'] == "POST"){
// step 2 input validation
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
if(empty($username) || empty($password) ){
header('Location: login.php?message=Both Fields Are Required');
exit();
}else{
// step 3 Database Query
$stmt = $conn->prepare("SELECT * FROM mismatch_user WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
// step 4 Authentication
if (password_verify($password, $result['password'])) {
session_start();
$_SESSION['username'] = $username;
header("Location: index.php");
exit();
}else{
header("Location: login.php?message=Invalid Username or Password");
exit();
}
}
}
?>