I'm currently making a registration form, everything seems to work fine except for the password part. When the user register, the password should be hashed but I still see a normal string in phpmyadmin. I would like to make it when a user input his password, it should be hashed in the database.
Here is my code:
public function reg_user($gender, $username, $email, $password, $firstname, $lastname, $birthday, $city) {
$sql = "SELECT * FROM users WHERE username='$username' OR email='$email'";
password_hash($password, PASSWORD_DEFAULT);
password_verify($password,$row['password']);
$check = $this->db->query($sql);
$count_row = $check->num_rows;
if ($count_row == 0) {
$sql1 = "INSERT INTO users (gender, username, email, password, firstname, lastname, birthday, city) VALUES ('$gender', '$username', '$email', '$password', '$firstname', '$lastname', '$birthday', '$city')";
$result = mysqli_prepare($this->db,$sql1) or die(mysqli_connect_errno() . " - ERREUR: Les données ne peuvent pas être insérés");
$password = md5($password, PASSWORD_DEFAULT);
$result->execute();
} else {
return false;
}
}
include_once 'class.user.php';
$user = new User();
password_verify($password,$row['password']);
password_hash($password, PASSWORD_DEFAULT);
$password = password_hash($password, PASSWORD_DEFAULT);
if (isset($_POST['submit'])) {
extract($_POST);
$register = $user->reg_user($_POST['gender'], $_POST['username'], $_POST['email'], $_POST['password'], $_POST['firstname'], $_POST['lastname'], $_POST['birthday'], $_POST['city']);
if ($register) {
echo "<span class=\"waters\">Inscription confirmée</span>";
password_verify($password,$row['password']);
password_hash($password, PASSWORD_DEFAULT);
} else {
echo "<span class=\"waters\">Inscription confirmée</span>";
password_verify($password,$row['password']);
password_hash($password, PASSWORD_DEFAULT);
}
}
Thanks for reading.