Login

dreamweaver · 07-05-2019, 01:11 PM

Hi,

I am trying to use bcrypt and I know that the hash is always different when the bcrypt is used, but I am told that I should get the hashed password from the database, and use the non hashed password from the login form, use some method magic, and hey, it should work, right?

I won't paste all the code, just sections that are for the password.

Well, for me that isn't the case and I was wondering if you can take a look my code below. Also its not complete, some things you will see just to test.

LOGIN

PHP Code:
$sql = "SELECT * FROM user WHERE email = '".$this->email."'";
            $query = $this->db->query($sql);
            if ($query) {
                foreach ($query->result() as $row) {
                    echo $this->password . "<br>";
                    echo $row->password . "<br>";
                    var_dump(password_verify($this->password, $row->password));
                    if(password_verify($this->password, $row->password)) {
                        echo 'The password is correct';
                        exit();
                    } 
                }
            } 
            else {
                echo 'query failed!';
            }
         

REGISTER

PHP Code:
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]); 

My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right.