I am trying to make login form work using password_hash and password_verify function but I am not able to verify password due to some syntax error.
The following is my registration script
<?php
include("includes/connection.php");
if(isset($_POST['reg'])) {
//registration form
$u_email = mysqli_real_escape_string($con, $_POST['email']);
$u_pass = mysqli_real_escape_string($con, $_POST['password']);
$get_email = "SELECT * FROM user WHERE user_email='$u_email'";
$run_email = mysqli_query($con, $get_email);
$check = mysqli_num_rows($run_email);
if($check==0){
$hashed_pass = password_hash('u_pass', PASSWORD_BCRYPT, array('cost' => 10));
$insert = "insert into user (user_email, user_pass) values ('$u_email', '$hashed_pass')";
$run_insert = mysqli_query($con, $insert);
if($run_insert) {
echo "<script>alert('Registration Successful!')</script>";
}
else {
echo "<script>alert('Registration not Successful!')</script>";
}
}
else{
echo "Email already registered";
}
}
?>
The following is the login script
<?php
include("includes/connection.php");
if(isset($_POST['login'])) {
$u_email = mysqli_real_escape_string($con,$_POST['u_email']);
$u_pass = mysqli_real_escape_string($con,$_POST['u_pass']);
$get_user = "select user_pass from user where user_email='$u_email'";
if(password_verify($u_pass, $user_pass)){
$_SESSION['user_email']=$u_email;
echo "<script>alert('Login successfull')</script>";
}
else {
echo "<script>alert('Password or email is not correct!')</script>";
}
}
?>
It is just showing ('Password or email is not correct!') even though login details are correct.