i try to login with hash password but password isn't equal

Question

error don't equal password when login with hash password

i try this code for hash and sign up ... then when i want to login password_hash() create another hash password

 function addUser($gmail, $password){
    $connection = mysqli_connect(DataBaseManager::HOST, 
    DataBaseManager::USER, DataBaseManager::PASSWORD, 
    DataBaseManager::DATABASENAME);

    mysqli_set_charset($connection, "utf8");

    $sqlQuery = "SELECT * FROM users WHERE gmail='$gmail'";

    $result = mysqli_query($connection, $sqlQuery);
    $hashed = password_hash($password, PASSWORD_DEFAULT);
    if(mysqli_num_rows($result) > 0)
    {
       return false;
    }
    else{
         $sqlCommand = "INSERT INTO users(gmail , password ) VALUES('$gmail', '$hashed')";
        if (mysqli_query($connection, $sqlCommand)) {
            return true;
        } else {
            return false;
        }
    }


}


function getUser($gmail , $password){
       $connection = mysqli_connect(DataBaseManager::HOST,DataBaseManager::USER,DataBaseManager::PASSWORD, DataBaseManager::DATABASENAME);
       mysqli_set_charset($connection, "utf8");
        $hashed = password_hash($password, PASSWORD_DEFAULT);
        $sqlQuery = "SELECT * FROM users WHERE gmail='$gmail' AND password = '$hashed'";
        var_dump($sqlQuery);
        $result = $connection->query($sqlQuery);
        if ($result->num_rows > 0) {
            return true;
        }else{
            return false;
        }

    }

using `$gmail` in `$sqlQuery` and `$sqlCommand` is an SQL injection vulnerability - see [this answer](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Recommend using PDO. — danblack, Feb 05 '19 at 23:54
Possible duplicate of [How to use password\_hash](https://stackoverflow.com/questions/30279321/how-to-use-password-hash) — Dharman, Jun 11 '19 at 23:44
One cannot search for a salted hash in the database, so you have to search by username only. An example you can find in this [answer](https://stackoverflow.com/a/38422760/575765). — martinstoeckli, Jun 13 '19 at 08:47

score 0 · Accepted Answer · answered Feb 05 '19 at 23:53

0

password_verify is used for validating.

answered Feb 05 '19 at 23:53

danblack

12,130
2
22
41

i try to login with hash password but password isn't equal

1 Answers1