Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP - password_verify issue

Tags:

php

mysql

hash

php-password-hash

I have been scratching my head on this for over 2 hours. I have researched articles on stackoverflow including:

  • Issue with Bcrypt not verifying correctly

  • php password_hash and password_verify issues no match

  • `password_verify` call returning false for correct password

And I havent been able to correct my issue. I would appreciate some guidance on how much of an idiot I am being:

Function to insert data into MySQL database:

function insertUser($userObj) {
    $query = $this->databaseConnection->getStntPrepare()->prepare(
            "INSERT INTO user(username, userpassword) VALUES (?,?);");
    $username = $userObj->getUsername();
    $password = password_hash('testing1234', PASSWORD_BCRYPT);

    $query->bind_param('ss', $username, $password);
}

Verification of user login by retrieving data from MySQL:

function findUser($userObj) {
    $query = $this->databaseConnection->getStntPrepare()->prepare(
            "SELECT userid, userpassword 
                FROM user 
                WHERE username=?");

    $pass = 'testing1234'
    $query->bind_param('s', $userObj->getUsername());
    $query->execute();
    $query->bind_result($userid, $hash);

    while ($query->fetch()) {

        if (password_verify($pass, $hash)) {
            echo 'Password is valid!';
        } else {
            echo 'Invalid password.';
        }
    }
}

When run I get 'Invalid password.'

When I do the below without inserting into database then retrieving:

$hash = password_hash('testing1234', PASSWORD_BCRYPT);
if (password_verify('testing1234', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

I get 'Password is valid!'

I believe my problem is something to do with single and double quotes and the interpretation of dollar sign ($) in the password field, as a variable instead of literal (as one of the articles suggests) when storing/retrieving from MySQL database - however I haven't had any luck in resolving. Below is the hash value of 'testing1234':

$2y$10$1/oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W

like image 255
Lewis Wheeler Avatar asked Nov 01 '22 11:11

Lewis Wheeler

1 Answers

Problem was in the database - nothing to do with password_verify or password_hash. Datatype had a maximum amount of characters (only defined to 40 as I was made to by MySQL when creating tables). Moved to 60 and no more issues.

like image 140
Lewis Wheeler Avatar answered Nov 09 '22 13:11

Lewis Wheeler
Sign in to Comment

Related questions

Zipping up attached images from taxonomy & date
PHP $client->__soapCall('method', $params); VS. $client->method($params);
AngularJS Views in Wordpress
Creating foreign key in phpmyadmin mysql
Determine if a user came is an organic or direct visit?
jQuery File Upload, get and edit Data which is saved in DB
Amazon EC2, S3, REST API, and how to correctly provide contents to users
PHP addslashes not working as expected if a string starts with numbers and contains a quotation mark
phpDoc notation to specify return type identical to parameter type
Symfony2 invalid dynamic form with no error
PHP freaking out (connection dropped, connection abandoned) in IIS 7.5
Only initialize a variable in an array if it's requested
fwrite() more than 2 GiB? [duplicate]
How to manage Countries in database
How to read password protected Excel files using PHPExcel?
Sending newsletter using PHP SwiftMailer and SMTP
Connection refused error in PHP
jQuery + php file upload. Pass multiple parameters
Calculate new gradient positions after the polygon it fills changes dimensions
Having a single entry point to a website. Bad? Good? Non-issue?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!