password_verify() always return false

Question

I am a newbie and I was trying to create a login system using PHP and Mysql. After finishing registration form and adding few users, I was trying to create a login form. but it always returns false saying my your Your username or password is incorrect! . Below is my code. It will be great if someone could help me. Advance sorry if my doubt is tooo basic :/

<?php
    session_start();
    include '.\includes\functions\db.php';
?>

<?php
    $username = strtolower(mysqli_real_escape_string($db, $_POST['username']));
    $password = strtolower(mysqli_real_escape_string($db, $_POST['password']));

    $sql        = "SELECT * FROM users WHERE username = '$username' ";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_fetch_assoc($result);
    $hash_pwd   = $row['password'];
    echo $hash_pwd;
    echo $password;
    $hash       = password_verify($password, $hash_pwd);

    if ($hash ==0) {
        header("Location: ./index.php?error=check");
        exit();
    }else {
        $sql = "SELECT * FROM user WHERE username = '$username' AND password = '$hash_pwd'";
        $result = mysqli_query($db, $sql);
        if (mysqli_num_rows($result) == 0) {
            echo "Your username or password is incorrect!";
        }else {
            $_SESSION['id'] = $row['id'];
            $_SESSION['username'] = $row['username'];
        }
        //header("Location: ./index.php");
    }
?>

and my registration page is as follows

<?php
//This Page is for registration of users
?>

<?php
// this php tag is for all includes
include '.\includes\functions\db.php';

?>

<?php
//print isset($_POST["submit"]);
//Getting all details inserted in form
if(isset($_POST["register"])){
    $username   = $_POST['username'];
    $firstname  = $_POST['firstname'];
    $lastname   = $_POST['lastname'];
    $email      = $_POST['email'];
    $password   = $_POST['password'];
    $date       = date('Y-m-d H:i:s');

    //Encrypting and Securing recieved data
    $username               = strtolower(mysqli_real_escape_string($db, $username));
    $firstname              = strtolower(mysqli_real_escape_string($db, $firstname));
    $lastname               = strtolower(mysqli_real_escape_string($db, $lastname));
    $email                  = strtolower(mysqli_real_escape_string($db, $email));
    $password               = strtolower(mysqli_real_escape_string($db, $password));
    $encryptedpassword      = password_hash($password, PASSWORD_DEFAULT);

    //To check duplication of email ids
    $sql        = "SELECT email FROM users WHERE email='$email'";
    $result     = mysqli_query($db, $sql);
    $row        = mysqli_num_rows($result);//$row will return count of rows if any duplicate email ids are found

    //To check duplication of usernames
    $sql2       = "SELECT username FROM users WHERE username='$username'";
    $result2    = mysqli_query($db, $sql2);
    $row2        = mysqli_num_rows($result2);//$row2 will return count of rows if any duplicate usernames are found

    //conditions to check what all duplicates are found
    if($row > 0 && $row2 >0){
        echo "Sorry...This email id and username is already taken!!!";
    } elseif ($row > 0 ) {
        echo "Sorry...This email id is already taken!";
    } elseif ($row2 > 0) {
        echo "Sorry...This Username is already taken!";
    }else {
        $query  = mysqli_query($db, "INSERT INTO users (username, firstname, lastname, password, email, regdate) VALUES
        ('$username', '$firstname', '$lastname', '$encryptedpassword', '$email', '$date')");
        if($query){
            echo "Thank You! you are now registered.";
        }
    }
}

?>

Answer 1

The error in my code is because of password = '$hash_pwd' condition in my where clause. When i retried row with given username and later verified password using php, it works as intended. I guess password hashed in php using password_hash() cannot be retrived and verified like encryption. Anyway thanks for all of yours responses