my password is hashed and saved in database but it is couldn't match it with the password which user is giving in textbox.
//form submission
if(isset($_POST['submit_pwd']))
{ //input form username
$us = isset($_POST['usr']) ? $_POST['usr'] : '';
// input for user password
$passw = isset($_POST['passwd']) ? $_POST['passwd'] : '';
//retreiving vlaues from database
$sql = "SELECT * FROM adminclient";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
$username= $row['username'];
$password = $row['password'];
//username and password matches from database
if ($us == $username && password_verify($passw, $password) ) {
session_start();
$_SESSION['username']=$_POST['usr'];
header("location: success.php");
}
}echo " <script type='text/javascript'>
alert('Wrong Username and Password combination');</script> ";
}
}
?>
You are not converting input password to hashed password. Because, in table Hashed Password is saved. So, you need to convert it. If md5 was used.. Then use $passw=md5($passw);to convert. Or, If sha1 was used then use $passw=SHA1($passw).
//form submission
if(isset($_POST['submit_pwd']))
$us = isset($_POST['usr']) ? $_POST['usr'] : '';
$passw = isset($_POST['passwd']) ? $_POST['passwd'] : '';
$passw=md5($passw); // Change Input Password To md5 Password
//Check Here It Self in SQL Query
$sql = "SELECT * FROM adminclient WHERE username='$us' AND password='$passw'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_assoc($result))
{
session_start();
$_SESSION['username']=$_POST['usr'];
header("location: success.php");
}
}
else
{
echo " <script type='text/javascript'>
alert('Wrong Username and Password combination');</script> ";
}
}
?>
Check this SHA1 Password for more details.