
My login system was working fine and then I decided to use password hash. I looked around and can not seem to find my issue. When I register the user, the password is hashed in the database. When I go to login, it is not recognizing the password and saying it is incorrect. Any recommendations of how to fix the issue?

```php
public function evaluate($data) {

    $email = addslashes($data['email']);
    $password = addslashes($data['password']);

    $sql = "SELECT * FROM users WHERE email = '$email' && password = '$password' LIMIT 1";
    $stmt = $this->connect()->prepare($sql);
    $stmt->execute();

    if($row = $stmt->fetch()) {

        if(password_hash($password, $row['password'])) {

            $_SESSION['mfg_userid'] = $row['userid'];

        } else {

            $this->error .= "The email or password you have entered is incorrect. Please try again.";

        }

    } else {

        $this->error .= "The email or password you have entered is incorrect. Please try again.";

    }

    return $this->error;

}
```
justRyan

Comments:

  • You can't use the hashed password in your query. You need to select by email only and then verify the password with `password_verify` – Andrea Olivato Jul 20 '21 at 04:26
  • Does this answer your question? [How to use PHP's password\_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – Andrea Olivato Jul 20 '21 at 04:26
  • Furthermore your code is open to SQL Injection, please use prepared statements via `bind_param` instead of adding parameters to your code. Read [here](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – Andrea Olivato Jul 20 '21 at 04:27

1 Answer

In PHP the password_hash() function generates a hashed string which can be verified with the help of the password_verify() function. So, in your case you need to use password_verify() instead of password_hash() in your if condition.

```php
$hash = password_hash('asdf@123', PASSWORD_DEFAULT);
if (password_verify('asdf@123', $hash)) {
    echo 'Password is valid!'; //correct output
} else {
    echo 'Invalid password.';
}
```
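Putting the answer and the comments together, here is an added example of the whole login path (not the asker's or the answerer's code): look the user up by email only, with the email bound as a parameter, then check the submitted password against the stored hash with password_verify(). It assumes a PDO connection (the question's prepare()/fetch() calls look like PDO) and a `users` table with `userid`, `email` and `password` columns where `password` holds the password_hash() output; the function name `evaluateLogin` and the in-memory SQLite rows are constructed for the demo.

```php
<?php
// Added example, not code from the original question or answer.
// Assumes a PDO connection and a users(userid, email, password) table where
// the password column stores the output of password_hash(), not plaintext.

function evaluateLogin(PDO $pdo, array $data): ?int
{
    $email    = $data['email'] ?? '';
    $password = $data['password'] ?? '';

    // Select by email only. The stored value is a salted hash, so a WHERE
    // clause on the password column can never match the submitted text.
    // Binding :email keeps user input out of the SQL string entirely, which
    // is what addslashes() in the original code was (unsafely) trying to do.
    $stmt = $pdo->prepare('SELECT userid, password FROM users WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() re-hashes the submitted text with the salt and cost
    // embedded in the stored hash and compares in constant time.
    // password_hash() would instead return a fresh, differently salted string
    // every call, which is always truthy in an if, so the original check
    // could never say "no" and never said "yes" for the right reason either.
    if ($row !== false && password_verify($password, $row['password'])) {
        // Transparent upgrade if the stored hash uses an older cost/algorithm.
        if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
            $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE userid = :id');
            $upd->execute([
                ':hash' => password_hash($password, PASSWORD_DEFAULT),
                ':id'   => $row['userid'],
            ]);
        }
        return (int) $row['userid'];
    }

    // One outcome for "unknown email" and "wrong password", so the caller
    // shows the same generic message for both.
    return null;
}

// --- Self-contained demo on an in-memory SQLite database (constructed data) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT UNIQUE, password TEXT)');

// Registration: store the hash, never the plaintext.
$ins = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
$ins->execute([
    ':email' => 'alice@example.com',
    ':hash'  => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Correct credentials, wrong password, and a quote in the email field
// (which the bound parameter treats as plain data).
var_dump(evaluateLogin($pdo, ['email' => 'alice@example.com', 'password' => 'correct horse']));
var_dump(evaluateLogin($pdo, ['email' => 'alice@example.com', 'password' => 'wrong']));
var_dump(evaluateLogin($pdo, ['email' => "alice@example.com' OR '1'='1", 'password' => 'anything']));
```

Inside the asker's class the same logic would be `$userid = evaluateLogin($this->connect(), $data);` followed by setting `$_SESSION['mfg_userid']` when the result is not null and appending the existing error message otherwise. Note that addslashes() is dropped altogether: it is not needed once the value is bound, and it would also silently alter any password containing a quote or backslash before hashing.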