I think I have hashed the password using the function PASSWORD directly from the MySQL database (am I doing wrong here?). And I am trying to verify that password with this c
password_verify is a boolean function which returns either true or false. In your code, after getting the value of password from the POST param, you are doing this operation
$password=password_verify($password,$hash);
which changes the $password value to true or false, and that boolean value stored in $password is what you are using in the MySQL select statement
$sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
Another thing is it might be possible that the hashed/salted password you are using is not the correct hashed value of the password you are using.
Update: Try this
$cost = [
'cost' => 15,
];
$hash_password = password_hash('ChRisJoRdAn123', PASSWORD_BCRYPT, $cost);
Before any DB operation, change your password field varchar length to >=64
$sql = "INSERT INTO admin (username,password)values('ChrisJordan','".$hash_password."')";
After insert operation, execute the select statement with the user
$sql = "select * from admin where username = 'ChrisJordan'";
After this, once you have fetched the hashed password and the password from the post parameter, you will need to verify both passwords using password_verify
if (password_verify(validate($_POST['password']), $hash_password_from_db)) {
echo "Valid Password";
}else{
echo "Invalid Password";
}
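
The flow described in the answer above, written out end to end as an added example (not code from the question or the answer): the row is selected by username only with a bound parameter, and password_verify compares the submitted password with the stored hash in PHP. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL admin table, verifyLogin() is a hypothetical helper name, and the LegacyUser row is constructed to hold a value in the shape MySQL's PASSWORD() produces, which password_verify cannot check.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL `admin` table so this runs offline (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 leaves room for hash formats longer than bcrypt's 60 characters.
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password VARCHAR(255) NOT NULL)');

// Registration: hash in PHP and bind the result as a parameter.
// Constructed sample credentials; cost 10 keeps the demo fast.
$insert = $pdo->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$insert->execute(['ChrisJordan', password_hash('ChRisJoRdAn123', PASSWORD_BCRYPT, ['cost' => 10])]);

// Constructed row holding a value shaped like MySQL PASSWORD() output: '*' + 40 hex digits.
$insert->execute(['LegacyUser', '*' . strtoupper(sha1(sha1('ChRisJoRdAn123', true)))]);

// verifyLogin() is a hypothetical helper name.
function verifyLogin(PDO $pdo, string $username, string $password): bool
{
    // Select by username only; the submitted password never enters the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    // Keep the boolean result in its own value; do not overwrite $password with it.
    return password_verify($password, (string) $hash);
}

var_dump(verifyLogin($pdo, 'ChrisJordan', 'ChRisJoRdAn123')); // matching password
var_dump(verifyLogin($pdo, 'ChrisJordan', 'wrong-password')); // wrong password
var_dump(verifyLogin($pdo, 'LegacyUser', 'ChRisJoRdAn123'));  // PASSWORD()-style stored value
var_dump(verifyLogin($pdo, "O'Brien", 'anything'));           // quote in the name stays data
```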