CodeIgniter Forums
Use password_hash and verify - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Use password_hash and verify (/showthread.php?tid=78431)



Use password_hash and verify - splitX26 - 01-19-2021

 I am trying to create a register function using password_hash(), and I try to use password_verify for my login function. Currently my register function works well, my password is hashed in my phpmyadmin database but my error comes from my login function. I have a verify_user in my controller


Code:
    function verify_user(){
        $email = $_POST['email'];
        $password = $_POST['password'];
        $this->load->model('login_model');
        $user_details = $this->login_model->verify_user($email,$password);


        if (!empty($user_details)) {

            $user_data =  array
            (
                'user_id' => $user_details['user_id'],
                'email' => $user_details['email'],
                'name' => $user_details['name']
            );

            $this->session->set_userdata('sessiondata',$user_data);
        } else{
            $data = array('msg' => 'Email or Password is wrong.');



            $this->session->set_flashdata('data',$data);

            redirect(base_url());
        }

    }
[font=Arial,]For this part 
[/font]

Code:
$user_details = $this->login_model->verify_user($email,$password);
[font=Arial,] I have this function verify_user in my model:[/font]

Code:
    function verify_user($email,$password)
    {
        $this->db->select('*');
        $this->db->from('users');
        $this->db->where('email',$email);
        //$this->db->where('password',$password);

        $query = $this->db->get();
        $result = $query->row_array();

        if(password_verify($password, $result['password'])){
            return $result;
        }else {
            return "";
        }

    }
[font=Arial,]The password seems not match to my database password [/font]


RE: Use password_hash and verify - paulbalandan - 01-19-2021

PHP Code:
// model
public function verify_user($email$password)
{
    
// fetch records first with matching email
    
$query $this->db->from('users')->where('email'$email)->get();

    if (
$query->num_rows() === 1)
    {
        
$result $query->row_array();

        if (
password_verify($password$result['password']))
        {
            return 
$result;
        }
    }

    return 
'';




RE: Use password_hash and verify - splitX26 - 01-19-2021

Thanks for your answer but my controller still return me : 'Email or Password is wrong.'


RE: Use password_hash and verify - InsiteFX - 01-19-2021

Read this article first.

Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)

The best example that I have seen is how Myth/Auth does it, it uses the above type coding.