
I am using `password_verify` to verify the hash, but it is not doing what is expected. Please help me with my code.

I've tried searching for answers but can't find one.

//Putting the hashed passwords to the database

    session_start();
    require('connect.php');
    $hashedPwd = password_hash($dbcon, PASSWORD_DEFAULT);
    $con = mysqli_connect("****", "***", "***", "***");

    $dbcon = $_POST['dbcon'];
    mysqli_query($con,"INSERT INTO `epiz_22821280_codes`.`auth_code`
    (`passcode`) VALUES ('$hashedPwd');");

//Password test if I inserted 123456 on dbcon POST field

    session_start();
    require('connect.php');

    $input = "123456";
    $hashedPwdInDb = password_hash("$input", PASSWORD_DEFAULT);
    $query = "SELECT * FROM `auth_code` WHERE passcode='$input' ";
    $result = mysql_query($query);

    $hash = "$query";
    if(password_verify($input, $hash )){
        print('success');
    } else {
        print('not success');
    }

I'm not getting the same result as the hashed passwords.

  • Because you can do `WHERE passcode='hashed string'`, you need to fetch it from `SELECT` and match it against it with `password_verify()`. – Qirel May 23 '19 at 10:43
  • Why on earth are you passing dbcon into password_hash? Is it just a badly named variable since you'd normally expect that to be a db connection resource / object? It also gets (re-?)assigned after you use it by the looks of it, which seems odd. And you're mixing mysql_* and mysqli_* functions? – Jonnix May 23 '19 at 10:44
  • You should have some sort of userid associated with the password, then use that to retrieve the password. – user3783243 May 23 '19 at 10:50
  • Possible duplicate of [password\_hash returns different value every time](https://stackoverflow.com/questions/33108720/password-hash-returns-different-value-every-time) – user3783243 May 23 '19 at 10:50
  • Specifically from that thread `password_hash is designed to generate a random salt every time`. – user3783243 May 23 '19 at 10:51
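
The flow the comments above describe, as an added example that is not part of the original thread: hash the submitted value once on insert, fetch the stored hash by a user id, and let `password_verify()` do the comparison. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL connection so the script runs offline, the `user_id` column is hypothetical, and `storePasscode()` / `checkPasscode()` are illustrative names; `auth_code` and `passcode` come from the question.

```php
<?php
// Added example: in-memory SQLite replaces the MySQL server (assumption).
// The user_id column and both function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE auth_code (user_id TEXT PRIMARY KEY, passcode TEXT NOT NULL)');

function storePasscode(PDO $pdo, string $userId, string $plain): void
{
    // Hash the submitted value itself; password_hash() picks a fresh random salt.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    // Bound parameters keep the values out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO auth_code (user_id, passcode) VALUES (?, ?)');
    $stmt->execute([$userId, $hash]);
}

function checkPasscode(PDO $pdo, string $userId, string $plain): bool
{
    // Look the row up by user id, never by the password or a re-computed hash.
    $stmt = $pdo->prepare('SELECT passcode FROM auth_code WHERE user_id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no row for this user
    }
    // password_verify() reads the algorithm, cost and salt from the stored hash.
    return password_verify($plain, $stored);
}

storePasscode($pdo, 'alice', '123456'); // constructed sample data

// Two hashes of the same input differ, so a WHERE clause on the hash cannot match.
$a = password_hash('123456', PASSWORD_DEFAULT);
$b = password_hash('123456', PASSWORD_DEFAULT);
var_dump($a === $b);

var_dump(checkPasscode($pdo, 'alice', '123456'));  // correct passcode
var_dump(checkPasscode($pdo, 'alice', 'wrong'));   // wrong passcode
var_dump(checkPasscode($pdo, 'nobody', '123456')); // unknown user
```

The PHP manual recommends a 255-character column for `PASSWORD_DEFAULT` hashes, since a truncated hash never verifies.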

0 Answers