I have been scratching my head on this for over 2 hours. I have researched articles on Stack Overflow including:
And I haven't been able to correct my issue. I would appreciate some guidance on how much of an idiot I am being:
Function to insert data into MySQL database:
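    function insertUser($userObj) {
        $query = $this->databaseConnection->getStntPrepare()->prepare(
            "INSERT INTO user(username, userpassword) VALUES (?,?);");
        $username = $userObj->getUsername();
        // Hard-coded test password; the bcrypt hash produced here is 60 characters long
        $password = password_hash('testing1234', PASSWORD_BCRYPT);
        $query->bind_param('ss', $username, $password);
        // Run the prepared INSERT so the row is actually written
        $query->execute();
    }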
Verification of user login by retrieving data from MySQL:
    function findUser($userObj) {
        $query = $this->databaseConnection->getStntPrepare()->prepare(
            "SELECT userid, userpassword
             FROM user
             WHERE username=?");
        $pass = 'testing1234';
        // bind_param() takes its arguments by reference, so bind a variable
        $username = $userObj->getUsername();
        $query->bind_param('s', $username);
        $query->execute();
        $query->bind_result($userid, $hash);
        while ($query->fetch()) {
            // Compare the supplied password against the hash read back from MySQL
            if (password_verify($pass, $hash)) {
                echo 'Password is valid!';
            } else {
                echo 'Invalid password.';
            }
        }
    }
When run I get 'Invalid password.'
When I do the below without inserting into database then retrieving:
    $hash = password_hash('testing1234', PASSWORD_BCRYPT);
    if (password_verify('testing1234', $hash)) {
        echo 'Password is valid!';
    } else {
        echo 'Invalid password.';
    }
I get 'Password is valid!'
I believe my problem is something to do with single and double quotes and the interpretation of dollar sign ($) in the password field, as a variable instead of literal (as one of the articles suggests) when storing/retrieving from MySQL database - however I haven't had any luck in resolving. Below is the hash value of 'testing1234':
$2y$10$1/oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W
Problem was in the database - nothing to do with password_verify or password_hash. Datatype had a maximum amount of characters (only defined to 40 as I was made to by MySQL when creating tables). Moved to 60 and no more issues.
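The truncation described above can be reproduced and detected without a database. This is an added example, not code from the original post; `isCompleteBcryptHash()` is a hypothetical helper name and the 40-character cut stands in for the too-narrow column.

```php
<?php
// Added example (not the poster's code). isCompleteBcryptHash() is a
// hypothetical helper; the substr() call simulates a 40-character column.

// A bcrypt hash from password_hash() is always exactly 60 characters:
// "$2y$" + 2-digit cost + "$" + 22-character salt + 31-character digest.
function isCompleteBcryptHash(string $hash): bool
{
    return preg_match('/^\$2[abxy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash) === 1;
}

$password = 'testing1234';                    // constructed sample input
$full     = password_hash($password, PASSWORD_BCRYPT);

// What a column limited to 40 characters would hand back on SELECT
$truncated = substr($full, 0, 40);

foreach (['full' => $full, 'truncated' => $truncated] as $label => $stored) {
    printf(
        "%-9s length=%d complete=%s algo=%s verify=%s\n",
        $label,
        strlen($stored),
        var_export(isCompleteBcryptHash($stored), true),
        // password_get_info() no longer recognises a cut-off bcrypt hash
        password_get_info($stored)['algoName'],
        var_export(password_verify($password, $stored), true)
    );
}

// Guard for the read path: treat a malformed stored hash as a data
// integrity fault instead of reporting it as a wrong password.
function verifyStoredPassword(string $password, string $stored): bool
{
    if (!isCompleteBcryptHash($stored)) {
        throw new RuntimeException(
            'Stored hash is not a complete bcrypt hash (' . strlen($stored) . ' chars)'
        );
    }
    return password_verify($password, $stored);
}
```

With strict SQL mode enabled, MySQL rejects the oversized value with an error instead of truncating it. The PHP manual recommends a 255-character column for `password_hash()` output so that future algorithms also fit.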