So I was making a login system with MySQL and PHP and found out about the password_hash() and password_verify() functions. Then, just for satisfaction, I tried it on paiza.io
and it worked fine. Then, I created a hash on my website (of "1234" and echoed it, then inserted it by myself into a MySQL database for even more satisfaction. And later on, I got it using mysqli_fetch_array and did the following:
$query = mysqli_query($conn, "SELECT UN, PWD FROM chat WHERE UN = 'test2'");
while ($row = mysqli_fetch_assoc($query)) {
echo $row["PWD"]."<br>";
// echoes the hash I copied and inserted into MySQL.
if (password_verify("1234", $row["PWD"])) {
echo "Verified!";
} else {
echo "Not verified!";
}
}
and whatever I do it says "Not verified!"
then I try this:
if (password_verify("1234", password_hash("1234", PASSWORD_BCRYPT)) {
echo "Verified!";
} else {
echo "Not verified!";
}
and it says "Verified!"
So what should I do?
EDIT:
The insert statement:
INSERT INTO unpw VALUES "$2y$10$ilT3uKq.9AbVuVIqJJFaK.wFyuzZCfmZ5Swjy9mUMEgSn896VNEvO";
Table structure:
Field Type Null Key Default Extra
ID int(11) NO PRI auto_increment
UN tinytext NO
PWD text NO
By DESCRIBE unpw
P.S. I inserted using the Adminer UI not SQL command but this is the command and there is no problem in MySQL it's in password_verify(); I just tried this (still errors):
$hash = the hash;
echo password_verify("1234", $hash);
doesn't echo 1