doulanyan6455 2016-12-06 19:34

PHP and SQL hashing help: what am I doing wrong?

First off, I am fairly new to coding in general so the idea of hashing is slightly confusing. Essentially, I am trying to hash a password in order to store it in a database so I don't have the password in plain text (I am told this is the best way to do it although I don't think it would be that large of a problem if the passwords weren't hashed as this is only being used in a small group of people that I could inform not to use passwords they care about but I was still advised to do this).

I have looked up a few guides and could use some help with understanding this. I will include the way I am hashing the passwords and how I am pulling them out of the database in order to help understand this problem. Apologies ahead of time if this is a stupid question. Just a heads up, I don't really understand this which is why I am asking the question.

NOTE: Included variables such as $login_username and $login_password are being properly pulled, I just didn't want to include them as it would clutter up this mess of a post even more.

Register user (have tried password_default and password_bcrypt but I don't see a difference):

require_once 'database.php';
    $hash_employee_password = password_hash($employee_password, PASSWORD_DEFAULT);

    $query = "INSERT INTO employee
                 (employee_id, employee_first_name, employee_last_name,
                 employee_username, employee_email, employee_password)
              VALUES
                 (:employee_id, :employee_first_name, :employee_last_name, 
                 :employee_username, :employee_email, :employee_password);";

    //VALUES (".$employee_id.", '" . $employee_first_name."', '" . $employee_last_name . "', '".$employee_username."', '".$employee_email."', '" . "$employee_password');";

    $statement = $db->prepare($query);
    $statement->bindValue(':employee_id', $employee_id);
    $statement->bindValue(':employee_first_name', $employee_first_name);
    $statement->bindValue(':employee_last_name', $employee_last_name);
    $statement->bindValue(':employee_username', $employee_username);
    $statement->bindValue(':employee_password', $hash_employee_password);
    $statement->bindValue(':employee_email', $employee_email);
    $statement->execute();
    $statement->closeCursor();

    //echo $query;
    $message = 'You have been successfully registered. Contact your manager in order to request account confirmation.';
    include ('success.php');

Record Login:

require_once 'database.php';
include 'register_user.php';

$pwordQuery = "SELECT employee_password from employee where employee_username = :login_username";
$pwstatement = $db->prepare($pwordQuery);
$pwstatement->bindValue(':login_username', $login_username);
$pwstatement->execute();
$result = $pwstatement->fetch();
$pwstatement->closeCursor();


echo $result[0];

if(password_verify($login_password, $result[0]))
{
    echo ' TRUE';
}
else
{
    echo ' FALSE ';
}   

The problem is: I am entering the proper username and password, but am getting the result of "FALSE" echoed out. Let me know if you have any ideas. Disregard the fact that I have a ton of work to do such as making my queries into functions and calling them that way... That's saved for a later date.


1 answer

  • dopuz8728 2016-12-06 19:53

    "password column's length is what? if it's anything less than 60, mysql failed on you silently. 9 times out of 10, that's what the problem is. If so, then you'll need to start all over again by clearing your db and create a new hash. – Fred -ii- 13 mins ago"

    which I was right about all along:

    "@Fred Well it looks like having the column length being 45 was a bad idea and that was my only problem. Thanks for the help, not entirely sure how this site works so I don't know how to give you rep or anything."

    As per the manual on the password_hash() function:

    http://php.net/manual/en/function.password-hash.php

    PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

    This answer was selected as the best answer by the asker.
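The failure described in the answer above can be reproduced without a database. This is an added example, not code from the original post: `store_in_column()` and `diagnose_stored_hash()` are hypothetical helper names, the silent truncation of a too-narrow column is simulated with `substr()`, and `PASSWORD_BCRYPT` is used so the hash length is a fixed 60 characters.

```php
<?php
// Added example: simulates a too-narrow password column (no database needed).

// Assumption: models what a column of $width characters keeps when the
// database truncates silently instead of rejecting the value.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Report whether a stored value is still a complete password_hash() result.
// password_get_info() reports algoName 'unknown' for a truncated bcrypt hash.
function diagnose_stored_hash(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        return sprintf(
            'unusable: %d chars, not a complete password_hash() value',
            strlen($stored)
        );
    }
    return sprintf('ok: %s hash, %d chars', $info['algoName'], strlen($stored));
}

$password = 'correct horse battery staple'; // constructed sample input
$hash     = password_hash($password, PASSWORD_BCRYPT);

// 45 is the column length from the question; 255 is the manual's suggestion.
foreach ([45, 255] as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "column width %d: %s, password_verify=%s\n",
        $width,
        diagnose_stored_hash($stored),
        var_export(password_verify($password, $stored), true)
    );
}
```

Running `diagnose_stored_hash()` over the values already in the table shows which rows hold a truncated hash; those users need a new hash generated after the column is widened, because the missing characters cannot be recovered.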
