I have a sign-up form and a login form. I try to save the password during registration with the function hash_password:
$password = trim(mysqli_escape_string($conn,$_POST['inputPassword']));
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$query_create_user = "INSERT INTO users (user_username, user_password, user_email) VALUES ('$username', '$password_hash', '$email')";
$result = mysqli_query($conn, $query_create_user);
For login, I also use the function password hash:
$password = trim(mysqli_escape_string($conn,$_POST['inputPassword']));
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$query_verify_user = "SELECT user_id, user_username, user_password FROM users WHERE user_username = '$username'";
if($row['user_username']==$username && $row['user_password']==$password_hash){
Header('Location: ../index.php?page=login');
}
$row['user_password']==$password_hash are never the same. During the registration, I had one hash tag. After the registration, I can't get the same hash tag as during the registration. What is the problem?
That is the expected behavior of password_hash. To check if the entered password was correct, you should use password_verify, as stated in the PHP documentation for password_hash.
Meaning that your code should be something like this:
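// Pass the submitted password to password_verify() unmodified
$password = $_POST['inputPassword'];
$query_verify_user = "SELECT user_id, user_username, user_password FROM users WHERE user_username = '$username'";
// Run the query and fetch the matching row, if any
$result = mysqli_query($conn, $query_verify_user);
$row = mysqli_fetch_assoc($result);
if ($row && $row['user_username']==$username && password_verify($password, $row['user_password'])) {
    header('Location: ../index.php?page=login');
}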
To perform the password verification, use password_verify(). password_hash() creates a new password hash using a strong one-way hashing algorithm.
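
The behaviour both answers describe, as an added example that is not code from the question or from either answer. The `$users` array is a constructed stand-in for the `users` table, and `register_user()`, `check_login()` and the sample credentials are hypothetical names chosen for illustration.

```php
<?php
// Constructed in-memory user store (assumption: stands in for the users table).
$users = [];

function register_user(array &$users, string $username, string $password): void
{
    // Hash the raw password. password_hash() generates a fresh random salt on
    // every call and embeds the algorithm, cost and salt in the returned string.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username];
    // password_verify() reads the algorithm, cost and salt back out of the stored
    // hash, re-hashes the submitted password with them and compares the results
    // with a timing-safe comparison.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // After a successful login, upgrade the stored hash if PASSWORD_DEFAULT
    // (or its cost) has changed since the hash was created.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register_user($users, 'alice', 'correct horse'); // constructed sample credentials

// The question's approach: hash the login input again and compare strings.
$second_hash = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($second_hash === $users['alice']);

// Both hashes still verify against the same password.
var_dump(password_verify('correct horse', $second_hash));
var_dump(check_login($users, 'alice', 'correct horse'));
var_dump(check_login($users, 'alice', 'wrong password'));

// The parameters password_verify() relies on are stored inside the hash itself.
var_dump(password_get_info($users['alice']));
```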