1

Signup code:

    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
    $contact = $_POST['contact'];
    $address = $_POST['address'];

    $query = "INSERT INTO `tbl_user`(`first_name`, `last_name` , `email` , `password`,`contact`, `address`) VALUES
        ('$first_name','$last_name','$email','$hashed_password','$contact','$address')";
    $sql = mysqli_query($con,$query);

Login code :

    $email = $_POST['email'];
    $password = $_POST['password'];
    $query = "SELECT * FROM `tbl_user` WHERE `email` = '$email'";
    $sql = mysqli_query($con,$query);
    $row = mysqli_fetch_array($sql);
    if (password_verify('$password', $row['hashed_password'])) {
        echo 'Password is valid!';
    } else {
        echo 'Invalid password.';
    }

But everytime it is showing Invalid Password even if i enter the correct credentials.

Sahil Gulati
  • 15,028
  • 4
  • 24
  • 42
Peace
  • 616
  • 2
  • 8
  • 24
  • `INSERT INTO... password` ... `password_verify(... $row['hashed_password'])` hmm... – user3942918 Mar 29 '17 at 06:16
  • you are fetching an array and not giving an index number – Gert Mar 29 '17 at 06:16
  • Not sure how string interpolation works in php but check what you have stored in the db. Could be you're literally storing the string `"$hashed_password"`. – sas Mar 29 '17 at 06:42
  • Possible duplicate of [What is the difference between single-quoted and double-quoted strings in PHP?](https://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php) – mickmackusa Jun 18 '17 at 23:08

1 Answers1

3

Error: '$password' instead use it as just $password.

Change this to:

if (password_verify('$password', $row['hashed_password'])) {

This:

if (password_verify($password, $row['hashed_password'])) {
Sahil Gulati
  • 15,028
  • 4
  • 24
  • 42