This question already has an answer here:
I am new to PHP and am trying to check whether a password provided by a user (login page) matches a hashed password stored in the db.
The password in the db was hashed through $pw = password_hash($_POST["pw"], PASSWORD_BCRYPT); (the same approach I use for the user's input) and is stored in a VARCHAR(255) column.
I now tried using password_verify to compare this with the user input but am getting the below error which is caused by the else part.
Can someone tell me what I am doing wrong here ?
I tried removing "== true" as well but that didn't work either.
My PHP:
$email = $_POST["email"];
$pw = password_hash($_POST["pw"], PASSWORD_BCRYPT);
$stmt = $conn->prepare("SELECT email, pw FROM Users WHERE email = ?");
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
if(mysqli_num_rows($result) == 0){
echo "Email has not been registered yet";
}else{
if(password_verify($pw, $result["pw"]) == true){
echo "Password correct";
}else{
echo "Password incorrect";
}
};
The error:
"Fatal error: Cannot use object of type mysqli_result as array..."
Update:
To me this is different to the other question referred to as possible duplicate as in my case I either get the above error or (when following Bing's approach below) the result is always "Password incorrect" - independent of the input.
Many thanks in advance.
</div>
