How to use password_hash in select

Asked

Viewed 153 times

-1

How do I login with the entire encrypted password ? I used password_hash and now for me to log in as I do ?

if(isset($_POST['loggin']))
{
    $user                = trim(strip_tags($_POST['user']));
    $txtpassword         = $_POST['password'];

    $select = "SELECT id, user, password FROM users WHERE BINARY user=:user";

    $result = $conexao->prepare($select);
    $result->bindParam(':user', $user, PDO::PARAM_STR);
    $result->execute();
    if($result->rowCount() == 1)
    {
        $show = $result->fetch(PDO::FETCH_ASSOC);
        $idSession      = $show['id'];
        $passwordHash   = $show['password'];
    }

    if (password_verify($txtpassword, $passwordHash))
    {
        $_SESSION['userId'] = $idSession;
        header("Location: ?p=home");
        die();
    }
    else
    {
        echo '<script language= "javascript">
        location.href="?p=sign_in&action=error_sign_in";
        </script>';
    }
}

1 answer

2


First search for the password in the bank using the user login, then check:

$senhaPost = $_POST['password']; 
$senhaDB = ...; 

if (password_verify($senhaPost, $senhaDB)) { ... }
  • Where do I put this if

  • 2

    @Williamalvares in the place where you want to check if the password matches or not with the bank. This should already solve your problem.

  • Your code will change a lot, following your logic, it would be where the redirect happens if the user is legitimate or not. Replace from where your if ($Count == 1)...'.

  • @fabianophp edited the post looks there as I did.. yet it gives an error that could not see

  • Ah the error that gives is the passwordHash, n will get nothing for the user t t logged in.. q my stupidity..

  • All right, I got

  • @Good. Don’t forget to accept it as the correct answer to your question.

Show 2 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.