After successfully verifying username exists in the database, I need to verify whether the password matches as well. Therefore, I need to retrieve the hashed password from the database, right? Or do I have other choices?
I'm using PHP 5.5 API bcrypt for hashing. My code would give me a 500 internal server error when I get the password from database. How do I do this correctly?
Here's my php code:
// If found username, check password, else respond invalid username
if($countRows!==0){
// Get hash from database
// Prepare statement
$stmt = $conn->prepare('SELECT password FROM users WHERE username = ?');
// Bind
$stmt->bind_param('s', $ps_username);
// Set Parameters
$ps_username = $username;
// Execute
$hash = $stmt->execute();
// Check password
if (!password_verify($password, $hash)) {
if($error != ""){
$error .= '<br>';
}
$error .= 'The user or password you entered do not match, please try again.';
}
else {
echo 'OK';
// Session start
// Redirect user to profile/homepage
}
}
And can someone recommend something that I can learn SQL commands? I can't find a good place for that.