PASSWORD VERIFY ISSUES IN PHP

Solomon Eseme - Mar 26 '18 - - Dev Community

public function login(UserModel $userModel)
{
try{
$name = $userModel->get_user_user_name();
$password = $userModel->get_user_password();

  $query = "SELECT * FROM users WHERE (user_user_name = :user_user_name) AND (user_status_id = 5) AND ((date_expiry > NOW()) OR (date_expiry < :date_expiry))";
  $stmt = $this->query($query);
  $this->bind(":user_user_name", $name);
  $this->bind(":date_expiry", '2000-01-01');
  $stmt = $this->executer();
  $res = $stmt->fetch(PDO::FETCH_ASSOC);
    //echo $password." string";
    //var_dump(password_verify($password, $res["user_password"]));
  if(password_verify($password, $res["user_password"])){
    $_SESSION['user_id'] = $res['user_id'];
     $this->user_id = $res["user_id"];
     $this->user_name = $res['user_name'];
     $this->is_authenticated = TRUE;
     $this->expiry_date = $res['expiry_date'];
     $this->session_start_time = time();

    $this->create_session();
  }else {
    echo "password don not match";
  }
}catch(PDOException $e){
  echo $e->getMessage();
  return FALSE;
}
return TRUE;
Enter fullscreen mode Exit fullscreen mode

}
THATS MY LOGIN FUNCTION.
---------------------------------------------------------------------------------->

public function add_user(UserModel $userModel)
{
try {
$pass = $userModel->get_user_password();
$name = $userModel->get_user_name();
$user_name = $userModel->get_user_user_name();
$phone_number = $userModel->get_user_phone_number();
$email = $userModel->get_user_email();
$school_id = $userModel->get_user_school_id();

  $hash_pass = password_hash($pass, PASSWORD_DEFAULT);
 var_dump($hash_pass);
  $sql = "INSERT INTO users (user_name, user_user_name, user_password, user_phone_number, user_email, user_school_id) VALUES
  (:user_name, :user_user_name, :user_password, :user_phone_number, :user_email, :user_school_id)";
  $stmt = $this->query($sql);
  $this->bind(":user_name", $name);
  $this->bind(":user_user_name", $user_name);
  $this->bind(":user_password", $hash_pass);
  $this->bind(":user_phone_number", $phone_number);
  $this->bind(":user_email", $email);
  $this->bind(":user_school_id", $school_id);
  $stmt = $this->executer();

} catch (Exception $e) {
  echo $e->getMessage();
  return FALSE;
}
return TRUE;
Enter fullscreen mode Exit fullscreen mode

}

THATS MY REGISTER FUNCTION.

MY ISSUE IS THAT ITS NOT LOGIN A USER IN.... AND THE ISSUE IS FROM THE PASSWORD_VERIFY AND PASSWORD_HASH FUNCTION... PLEASE HELP....

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .