This question already has an answer here:
So this is how I encrypt my password.
$password_encrypted = password_hash($password, PASSWORD_DEFAULT);
And this is how I get the value and check it:
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['uname']);
$mypassword = mysqli_real_escape_string($db,$_POST['psw']);
$result = mysqli_query(
$db,
"SELECT password FROM interna_dostop WHERE up_name = '$myusername'");
$row = mysqli_fetch_array($result);
$hash = $row['password'];
echo $hash;
echo $mypassword;
echo $myusername;
if (password_verify('$mypassword','$hash')) {
header('Location: another.php'); exit;
} else {
echo 'Invalid password.';
}
}
?>
Now here is the funny part. This returns false. But if I enter in password_verify ('mypass', 'encrypted_pass') I get true?
Any ideas?
</div>
