I have hashed my password on the registration page with next code:
$c_pass = $_POST['c_pass'];
$storePassword = password_hash($c_pass, PASSWORD_BCRYPT, array('cost' => 10));
And on login page I have this code:
$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];
$select_customer = "select * from customers where customer_email='$customer_email' AND customer_pass='$customer_pass'";
When trying to log in, they pop-up me an error screen that my credentials not valid. I try to use
if(password_verify($customer_password,$row['c_pass'])){
But noting help me, can someone write me solution for this because i can't find the solution.
You should remove the AND
from your WHERE
clause because when user types his/her password on login form input, it will be non-hashed and therefore you will never retrieve the user by the composite condition email + password. Instead, you should find the user by identifier (username or email), then you should compare the raw password from login form password input against the hashed from the database. So take a look into the following:
$mysqli = new mysqli('host', 'user', 'password', 'db_name');
// these are submitted input values from the login form which you handle
$email = $_POST['c_email'];
$password = $_POST['c_password'];
// build your query with prepared statements which will retrieve
// the user from the database with login form submitted email
$stmt = $mysqli->prepare('select * from customers where customer_email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
$customer = $result->fetch_assoc();
if (empty($customer)) {
// no user found by this email, so send to user response message
// that your system cannot find any customer by provided email
return false;
}
// here you compare the typed user login password versus the fetched user's password from the database by the provided user email
if (password_verify($password, $customer['c_pass'])) {
// ok, so the password comparison match
} else {
// invalid password
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.