How to verify password in php from database

I am currently letting users sign up with a username and password and storing the password hashed in my database which is stored fine as follows:

//Signing up



    
        
Signup
        

            
Username: 

            
Password: 

            


            
        
    
 

Using the following code to verify the hashed password against the user's password input but it doesn't work. Returns the message as invalid info1. I tried to echo the information from $result2 and was expecting the information to be the hashed password something like '$2y$10$lRgHiIV5Qddt9'. Instead I am getting the message "Resource id #7". Am I retrieving the information wrongly? Please assist.

//Verifying

asked Sep 29, 2015 at 10:56

3

In this line

if(password_verify($myPassword, $result2 )){

the variable $result2 is supposed to be a string, but it is a resource. You should extract the string inside the column password inside the first row in the resource, and use that string in the password_verify function.

Something like:

$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$hash = $row['password'];
if(password_verify($myPassword, $hash )){

answered Sep 29, 2015 at 11:01

AmarnasanAmarnasan

14.2k3 gold badges31 silver badges37 bronze badges

1

You need to fetch value from resource

$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$password = $row['password'];
if(password_verify($myPassword, $password )){

}

answered Sep 29, 2015 at 11:15

NinjuNinju

2,4462 gold badges14 silver badges21 bronze badges

(PHP 5 >= 5.5.0, PHP 7, PHP 8)

password_verify — Verifies that a password matches a hash

Description

password_verify(string $password, string $hash): bool

Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.

This function is safe against timing attacks.

Parameters

The user's password.

A hash created by password_hash().

Return Values

Returns true if the password and hash match, or false otherwise.

Examples

Example #1 password_verify() example

// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (

The above example will output:

See Also

• password_hash() - Creates a password hash
• » userland implementation
• sodium_crypto_pwhash_str_verify() - Verifies that a password matches a hash

How do I verify a database password?

How can I confirm my php password?

What is php password hash?

What is the Verify password?