'password_verify() PHP function not working [closed]

I have this simple login form that fails on password verification. I have done the exact same code on a different project and it worked like intended. The Mysql database is set up exactly the same way as the last project (password row for the hashed password is VARCHAR 255). I've also checked the UTF-8 both in the database and the Html and they look to be ok. I have a registration form that passes the hashed password into the table with BCRYPT. I have posted the log-in code below (the echo lines are for debugging and they return exactly what was expected).

if(isset($_POST['submit-login'])){
  function validateFormData($formData){
    $formData = trim(stripslashes(htmlspecialchars($formData)));
    return $formData;
  }
  
  $userEmail = validateFormData($_POST['login-email']);
  $password = validateFormData($_POST['login-password']);
  echo $password;
  echo $userEmail;
  include('includes/dbconn.php');
  $query = "SELECT firstname, lastname, email, pass FROM users WHERE email='$userEmail'";
  $result = mysqli_query( $conn, $query );

  if(mysqli_num_rows($result) > 0){
    while( $row = mysqli_fetch_assoc($result) ){
      $firstName = $row['firstname'];
      $lastName = $row['lastname'];
      $email = $row['email'];
      $hashedPass = $row['pass'];
      echo $hashedPass;
    }
    
    if( password_verify( $password, $hashedPass ) ){
      session_start();
      $_SESSION['firstname'] = $firstName;
      $_SESSION['lastname'] = $lastname;
      $_SESSION['email'] = $email;
      header("Location: dashboard.php");
    }else {
      $loginError = "<div class='text-center alert alert-danger'>Wrong username / password. Try again. </div>";
      
    }
  }else {
    $loginError = "<div class='text-center alert alert-danger alert-dismissible'>User not found! <button class='btn-close' data-dismiss='alert'></button></div>";
  }
  mysqli_close($conn);
}

There must be something I'm missing but I can't figure it out. It always returns the $loginError from the password_verify if statement.

php


Solution 1:[1]

Check that your $hashedPass is a string and make sure that it is exist in your database ...

I think that this while is not working.

while( $row = mysqli_fetch_assoc($result) ){
      $firstName = $row['firstname'];
      $lastName = $row['lastname'];
      $email = $row['email'];
      $hashedPass = $row['pass'];
      echo $hashedPass;
    }

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Raymond Shafiee

Related Questions