password_verify doesn't verify hash

The function password_verify(); takes two parameters; a non-hashed input, and a stored hash to compare it to. It hashes the non-hashed input automatically to compared it to the stored version. So your initial code was re-hashing an already hashed password. Should look like this:

$verify=password_verify($_POST['passwrd'],$row[2]);

if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}

You rehashed the password - just pass the plaintext password and your hash (from db) to password_verify and it works.

password_verify doesn't verify hash

Tags:

Php

Hash

Verification

Password Encryption

Related

Recent Posts