
The user is able to sign up to the website that I'm making, and the password that is inserted into the database is hashed:

```php
$hashedpassword = password_hash($password, PASSWORD_DEFAULT);
```

Now when the user tries to log in, I'm not sure how to take the password they entered and compare it with the hashed version in the database. I tried this, but it's not working:

```php
<?php
session_start();

$username = $_POST['username'];
$password = $_POST['password'];
$pwdcheck = password_verify($password, $row["password"]);

$conn = mysqli_connect("localhost", "root", "", "cadabra");

$query = "SELECT username, password from register where username=? AND password=? LIMIT 1";

$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $username, $pwdcheck);
$stmt->execute();
$stmt->bind_result($username, $pwdcheck);
$stmt->store_result();

if($stmt->fetch()) {
    $_SESSION["login_user"] = $username;
    header("Location: ../Login.php?LoginSuccessful");
} else {
    header("Location: ../Login.php?LOGINFAILED");
}
mysqli_close($conn);
```
  • Use `password_verify()`. – Barmar Apr 04 '20 at 00:06
  • I do use it, I've been trying to get it to work but I'm still struggling – su042002 Apr 04 '20 at 01:26
  • You're calling `password_verify()` before you fetch the row. How do you expect that to work? And `password_verify()` just returns true or false, not something that's in the `password` column of the database. – Barmar Apr 04 '20 at 04:13
  • You shouldn't have `AND password = ?` in the query. Just fetch the password for the username. Then call `password_verify()`. See the examples in the duplicate question. – Barmar Apr 04 '20 at 04:14
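
The order of operations the comments describe (select the hash by username only, then call `password_verify()` on the fetched value), as an added example that is not code from the question or its comments. It assumes PDO with an in-memory SQLite database in place of the question's mysqli connection so it runs without a server; `check_login()`, the sample user and the dummy-hash timing step are hypothetical additions, while the `register` table and its columns are the question's.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite stands in for the MySQL `register` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE register (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO register (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns true only when $password matches the stored hash.
 */
function check_login(PDO $db, string $username, string $password): bool
{
    // Hash of a throwaway value, verified when the user does not exist so that
    // unknown and known usernames cost roughly the same time.
    static $dummy = null;
    $dummy ??= password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

    // 1. Look the row up by username only; the password is not in the WHERE clause.
    $stmt = $db->prepare('SELECT password FROM register WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // 2. Compare the submitted plaintext with the fetched hash.
    if ($hash === false) {
        password_verify($password, $dummy);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }

    // 3. Upgrade the stored hash if PASSWORD_DEFAULT has changed since signup.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE register SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```

In a real login handler, call `session_regenerate_id(true)` after `check_login()` returns true and before setting `$_SESSION["login_user"]`, and return the same failure response for an unknown user and a wrong password.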
