I am quite new to PHP and recently I was following a tutorial by Dani Krossing on how to make a simple login/register system. As far as I can tell I did everything right, but when I would check for password_verify(), it would always return false, even if the password is correct.
Here is my code:
function loginUser($conn, $username, $pwd) {
$uidExists = uidExists($conn, $username, $username);
if ($uidExists === false) {
header("location: ../login.php?error=wronglogin");
exit();
}
$pwdHashed = $uidExists["usersPwd"];
$checkPwd = password_verify($pwd, $pwdHashed);
if ($checkPwd === false) {
header("location: ../login.php?error=" . $pwd . "......." . $pwdHashed);
exit();
}
else if ($checkPwd === true) {
session_start();
$_SESSION["userid"] = $uidExists["usersId"];
$_SESSION["useruid"] = $uidExists["usersUid"];
header("location: ../index.php");
exit();
}
I changed header to display both passwords so I can see if it has found the right password in the database, it displays both entered and hashed passwords but it refuses to start the session and instead returns that login information is wrong.
I compared my code to the code from tutorial many times and couldn't find a difference, I am not sure if there is anything I could have done wrong before to make it act this way.
Keep in mind that I am still quite new to PHP, I might have made a stupid mistake so be easy on me :D
Thank you in advance.
Edit: I am able to sign up with the right information inserted into the database, but I am not able to log in.
CodePudding user response:
Remove "=== false" and "=== true" from if-else conditions. Because when you called password_verify function, it will return 1 or 0, not true or false.
Use this code....
if (!$checkPwd) {
header("location: ../login.php?error=" . $pwd . "......." .
$pwdHashed);
exit();
}else {
session_start();
$_SESSION["userid"] = $uidExists["usersId"];
$_SESSION["useruid"] = $uidExists["usersUid"];
header("location: ../index.php");
exit();
}