I'm trying to create an authentication system with PDO. The problem I've come across is comparing the password hash from the database to the password hash entered in the form. Comparing the email address from database to the form is working correctly, but I'm thinking the password isn't working because of the type in database. In the USER table, I have the following structure:
CREATE TABLE `USER` (
`ID` bigint(20) NOT NULL AUTO_INCREMENT,
`EMAIL` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT NULL,
`HWID` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT NULL,
`PASSWORD` varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT NULL,
PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=111896 DEFAULT CHARSET=utf8
This is what I'm currently working with. Any help would be much appreciated.
<?php
session_start();
require 'connect.php';
if(isset($_POST['login'])){
$email = !empty($_POST['EMAIL']) ? trim($_POST['EMAIL']) : null;
$passwordAttempt = !empty($_POST['PASSWORD']) ? trim($_POST['PASSWORD']) : null;
$dbquery = "SELECT ID, EMAIL, PASSWORD FROM USER WHERE EMAIL = :email";
$stmt = $pdo->prepare($dbquery);
$stmt->bindValue(':email', $email);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if($user === false){
die('Email not found');
} else{
$validPassword = password_verify($passwordAttempt, $user['PASSWORD']);
if($validPassword){
$_SESSION['user_id'] = $user['ID'];
$_SESSION['logged_in'] = time();
header('Location: home.php');
exit;
} else{
die('Password incorrect');
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action="login.php" method="post">
<label for="email">Email</label>
<input type="text" id="EMAIL" name="EMAIL"><br>
<label for="password">Password</label>
<input type="password" id="PASSWORD" name="PASSWORD"><br>
<input type="submit" name="login" value="Login">
</form>
</body>
</html>
