This question already has an answer here:
password_hash() and password_verify() not working in oops stuctured code in Php. in fact it is directly executing else part (My question is not related to Procedural type Perhaps it's OOPS none of the Previous questions were Related to OOPs).
<?php
class security
{
function __construct()
{
$this->mysqli=getDBConn();
}
function login()
{
$mystat=$this->mysqli=getDBConn();
$username=$_POST["username"];
$password=$_POST["password"];
$escaped = $mystat->real_escape_string($mystat,$username);
$sql_query="SELECT *, u.id AS u_id, u.name AS u_name, ur.id AS ur_id, ur.name AS ur_name
FROM users u, user_roles ur WHERE username='".$username."' AND password='".$password."' AND
u.user_role_id=ur.id LIMIT 1";
$res=$this->mysqli->query($mystat,$sql_query);
if($res->mysqli_num_rows($res)){
$data_row=$res->fetch_assoc($res);
$_SESSION["logged_in"]=1;
$_SESSION["user"]=$data_row;
$password_hash=$data_row['password'];
if(password_verfiy($password,$password_hash)){
setMsg("You are logged in.", "success");
redirect("dashboard.php");
}
else
{
setMsg("Sorry, Invalid Credentials.", "danger");
redirect("index.php");
}
}
}
with respect to this code i got two tables in backend one is user_roles and second is users.
</div>