Unable to login to Android app using hashed password

温柔的废话 2021-01-29 01:17

I have been following a tutorial in order to create a login for an Android-based application; however, after encrypting the passwords I am unable to authenticate users. I hav

1 Answer
  • 2021-01-29 02:06

    In login.php you should change this:

    //$passwordHash = password_hash($password, PASSWORD_DEFAULT); remove
    $statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
    mysqli_stmt_bind_param($statement, "s", $username);
    

    Each time you hash the password it creates a unique hash (due to a randomly generated salt each time the function is run), so when you log in and hash, you'll never get a match. You should instead use password_verify().

    Once you retrieve the password from the query, you can then verify:

    password_verify($password, $response['password']);
    
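The register-then-verify flow the answer describes, as an added example that is not part of the original answer or the asker's code. The in-memory `$users` array and the function names `register` and `login` are assumptions standing in for the `user` table and `login.php`; the sample credentials are constructed.

```php
<?php
// Hypothetical helper: hash once, at registration. The algorithm, cost and
// random salt are all embedded in the string returned by password_hash().
function register(array &$users, string $username, string $password): void {
    $users[$username] = [
        'username' => $username,
        'password' => password_hash($password, PASSWORD_DEFAULT),
    ];
}

// Hypothetical helper: look the row up by username only, then verify.
function login(array &$users, string $username, string $password): bool {
    // Stands in for: SELECT * FROM user WHERE username = ?
    $row = $users[$username] ?? null;
    if ($row === null) {
        return false;
    }
    // password_verify() reads the salt and cost out of the stored hash,
    // recomputes the hash for the submitted password and compares the two.
    if (!password_verify($password, $row['password'])) {
        return false;
    }
    // If PASSWORD_DEFAULT has moved to a stronger algorithm or cost since
    // the hash was stored, replace it while the plaintext is available.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $users[$username]['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data.
$users = [];
register($users, 'alice', 'correct horse');

// Hashing the same password a second time uses a new random salt, so
// comparing hashes (in PHP or in a WHERE clause) cannot be used for login.
$rehashed = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($rehashed === $users['alice']['password']);

// Right password, wrong password, unknown user.
var_dump(login($users, 'alice', 'correct horse'));
var_dump(login($users, 'alice', 'wrong guess'));
var_dump(login($users, 'bob', 'correct horse'));
```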