How to Verify Password in PHP from Database
In this tutorial we will see how to save a password in the database using PHP and MySQL, and then how to verify the password entered by the user against the hashed password that was saved.
Store the hashed password
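To store the password we use the password_hash function, which takes the password, the algorithm used for hashing, and the options. It generates a random salt itself and returns a single string containing the algorithm, cost, salt and hash; that string, never the plain password, is what gets saved in the database.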
<?php
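/**
 * Controller for user account actions (registration).
 */
class UsersController{
    /**
     * Store a new user from the submitted registration form.
     *
     * Reads fullname, username, email and password from $_POST, hashes the
     * password with bcrypt at cost 12 and hands the record to User::createUser().
     * When createUser() returns "ok" a success message is stored through
     * Session::set() and the visitor is redirected to "login"; any other
     * return value is printed, HTML-escaped.
     */
    public function register(){
        // A field sent as fullname[]=... arrives as an array and a missing field
        // is unset; password_hash() must only ever receive a string, and an
        // empty password must not produce an account.
        foreach(["fullname","username","email","password"] as $field){
            if(!isset($_POST[$field]) || !is_string($_POST[$field])){
                echo "Invalid registration data";
                return;
            }
        }
        if($_POST["password"] === ""){
            echo "Invalid registration data";
            return;
        }

        $options = [
            "cost" => 12
        ];
        // bcrypt only uses the first 72 bytes of the password; anything after
        // that does not contribute to the hash.
        $password = password_hash($_POST["password"],PASSWORD_BCRYPT,$options);

        // Only the hash is passed on for storage, never the plain password.
        $data = array(
            "fullname" => $_POST["fullname"],
            "username" => $_POST["username"],
            "email" => $_POST["email"],
            "password" => $password,
        );
        // NOTE(review): createUser() is not shown here; it is assumed to use
        // prepared statements for these request values - confirm.
        $result = User::createUser($data);
        if($result === "ok"){
            Session::set("success","Account created");
            Redirect::to("login");
        }else{
            // The value is written into the HTML response, so escape it.
            // NOTE(review): if this can be a raw database error, log it and show
            // a generic message instead of exposing internals to the visitor.
            echo htmlspecialchars((string) $result, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        }
    }
}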
Verify passwords
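To verify passwords we use the password_verify function, which takes the password entered by the user and the hash stored in the database. It reads the algorithm, cost and salt from the stored hash itself, so nothing else needs to be saved alongside it.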
<?php
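/**
 * Controller for user account actions (login and registration).
 */
class UsersController{
    /**
     * Log the user in from the submitted login form.
     *
     * Runs only when $_POST["submit"] is present. Fetches the user record via
     * User::login() and checks the submitted password against the stored hash
     * with password_verify(). On success the session is marked as logged in and
     * the visitor is redirected to "home"; on any failure an error message is
     * stored through Session::set() and the visitor is redirected to "login".
     */
    public function auth(){
        if(!isset($_POST["submit"])){
            return;
        }

        $username = $_POST["username"] ?? null;
        $password = $_POST["password"] ?? null;

        // Missing or array-valued fields never reach the lookup or
        // password_verify(); they fall through to the generic failure branch.
        $result = null;
        if(is_string($username) && is_string($password)){
            $data = ["username" => $username];
            $result = User::login($data);
        }

        // User::login() may return a non-object when no row matches (assumed;
        // it is not shown here), so the record is checked before it is read.
        // NOTE(review): an unknown username skips password_verify() and so
        // answers faster than a wrong password, which can reveal which
        // usernames exist; verifying against a fixed dummy hash in that case
        // evens out the timing. Login attempt throttling is not handled here.
        if(is_object($result)
            && $result->username === $username
            && is_string($result->password)
            && password_verify($password,$result->password)){
            // Issue a fresh session id at the privilege change so an id known
            // before login cannot be reused afterwards (session fixation).
            if(session_status() === PHP_SESSION_ACTIVE){
                session_regenerate_id(true);
            }
            // NOTE(review): password_needs_rehash() could be checked here to
            // upgrade old hashes; storing the new hash needs a User method that
            // is not shown on this page.
            $_SESSION["logged"] = true;
            $_SESSION["username"] = $result->username;
            $_SESSION["fullname"] = $result->fullname;
            $_SESSION["admin"] = $result->admin;
            Redirect::to("home");
        }else{
            // The same message is used for an unknown user and a wrong password.
            Session::set("error","No user found!");
            Redirect::to("login");
        }
    }

    /**
     * Store a new user from the submitted registration form.
     *
     * Reads fullname, username, email and password from $_POST, hashes the
     * password with bcrypt at cost 12 and hands the record to User::createUser().
     * When createUser() returns "ok" a success message is stored through
     * Session::set() and the visitor is redirected to "login"; any other
     * return value is printed, HTML-escaped.
     */
    public function register(){
        // A field sent as fullname[]=... arrives as an array and a missing field
        // is unset; password_hash() must only ever receive a string, and an
        // empty password must not produce an account.
        foreach(["fullname","username","email","password"] as $field){
            if(!isset($_POST[$field]) || !is_string($_POST[$field])){
                echo "Invalid registration data";
                return;
            }
        }
        if($_POST["password"] === ""){
            echo "Invalid registration data";
            return;
        }

        $options = [
            "cost" => 12
        ];
        // bcrypt only uses the first 72 bytes of the password; anything after
        // that does not contribute to the hash.
        $password = password_hash($_POST["password"],PASSWORD_BCRYPT,$options);

        // Only the hash is passed on for storage, never the plain password.
        $data = array(
            "fullname" => $_POST["fullname"],
            "username" => $_POST["username"],
            "email" => $_POST["email"],
            "password" => $password,
        );
        // NOTE(review): createUser() is not shown here; it is assumed to use
        // prepared statements for these request values - confirm.
        $result = User::createUser($data);
        if($result === "ok"){
            Session::set("success","Account created");
            Redirect::to("login");
        }else{
            // The value is written into the HTML response, so escape it.
            // NOTE(review): if this can be a raw database error, log it and show
            // a generic message instead of exposing internals to the visitor.
            echo htmlspecialchars((string) $result, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        }
    }
}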