Use password_hash and verify
#1

I am trying to create a register function using password_hash(), and I am trying to use password_verify() for my login function. Currently my register function works well and my password is hashed in my phpMyAdmin database, but my error comes from my login function. I have a verify_user in my controller:


Code:
    function verify_user(){
        $email = $_POST['email'];
        $password = $_POST['password'];
        $this->load->model('login_model');
        $user_details = $this->login_model->verify_user($email,$password);

        if (!empty($user_details)) {
            $user_data = array(
                'user_id' => $user_details['user_id'],
                'email' => $user_details['email'],
                'name' => $user_details['name']
            );

            $this->session->set_userdata('sessiondata',$user_data);
        } else {
            $data = array('msg' => 'Email or Password is wrong.');

            $this->session->set_flashdata('data',$data);

            redirect(base_url());
        }
    }
For this part:

Code:
    $user_details = $this->login_model->verify_user($email,$password);
I have this function verify_user in my model:

Code:
    function verify_user($email,$password)
    {
        $this->db->select('*');
        $this->db->from('users');
        $this->db->where('email',$email);
        //$this->db->where('password',$password);

        $query = $this->db->get();
        $result = $query->row_array();

        if(password_verify($password, $result['password'])){
            return $result;
        }else {
            return "";
        }

    }
The password does not seem to match my database password.
Reply
#2

PHP Code:
// model
public function verify_user($email, $password)
{
    // fetch records first with matching email
    $query = $this->db->from('users')->where('email', $email)->get();

    if ($query->num_rows() === 1)
    {
        $result = $query->row_array();

        if (password_verify($password, $result['password']))
        {
            return $result;
        }
    }

    return '';
}

Reply
#3

(This post was last modified: 01-19-2021, 10:03 AM by splitX26.)

Thanks for your answer, but my controller still returns: 'Email or Password is wrong.'
Reply
#4

Read this article first.

Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)

The best example that I have seen is how Myth/Auth does it; it uses the above type of coding.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
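
Added example, not part of any post in this thread and not CodeIgniter's or Myth/Auth's code: the thread never states why password_verify() kept failing, so this checks one common cause as an assumption, a `password` column too short to hold the full hash. The column widths and the sample password are constructed; it runs from the PHP CLI without a database.

```php
<?php
// Added example: constructed values, no database or CodeIgniter needed.

// Simulates a VARCHAR($width) column: MySQL outside strict mode silently
// truncates longer values (in strict mode the INSERT fails instead).
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Classifies a stored value before password_verify() is even attempted.
function diagnose_stored_hash(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return sprintf('not a complete password_hash() value (%d chars)', strlen($stored));
    }
    return sprintf('%s hash, %d chars', $info['algoName'], strlen($stored));
}

$password = 'correct horse battery staple';             // constructed sample
$hash     = password_hash($password, PASSWORD_DEFAULT); // what register should store

$columns = [
    'VARCHAR(255)' => 255, // width the PHP manual suggests for PASSWORD_DEFAULT
    'VARCHAR(60)'  => 60,  // exact fit for bcrypt only
    'VARCHAR(50)'  => 50,  // too short: the hash is cut off
    'VARCHAR(32)'  => 32,  // typical leftover from an md5() schema
];

foreach ($columns as $label => $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "%-12s %-50s verify=%s\n",
        $label,
        diagnose_stored_hash($stored),
        password_verify($password, $stored) ? 'true' : 'false'
    );
}

// A value written by another scheme (here md5) never verifies either.
$legacy = md5($password);
printf("%-12s %-50s verify=%s\n", 'md5 value', diagnose_stored_hash($legacy),
    password_verify($password, $legacy) ? 'true' : 'false');
```

Running diagnose_stored_hash() on the value actually read from the `users` table shows whether the stored string is a complete hash before looking for errors in the login logic.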