Hey guys, I am working on a website for my Capstone Project and I am having unusual issues with some PHP. I have used the password_verify() function before and never had issues with it until now. Every time I try to use it with a password that contains a pound (#) symbol it returns false. The function returns true for anything else but that. The encrypted password used with the password_hash() function is working and I am pretty sure that it is inserting into the database correctly. Below is my code, please let me know if you notice anything that may be causing the issue or if you need more information. THIS IS DRIVING ME INSANE!!
This is how I am inserting it into the database:
require_once("mydb.php");   // provides $conn, the mysqli connection

$fullName = $_REQUEST['fullName'];
$prefName = $_REQUEST['prefName'];
$gender = $_REQUEST['gender'];
$profile = $_REQUEST['profile'];
$email = $_REQUEST['email'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
// Only the bcrypt hash is stored, never the plain-text password
$password = password_hash($password, PASSWORD_BCRYPT);

// Prepared statement: user input is bound as parameters instead of being
// concatenated into the SQL string, which closes the SQL injection hole
$query = "insert into USERS(full_name, preferred_name, username, password, gender, email, profile, comment_penalties, upload_penalties)"
    . " values(?, ?, ?, ?, ?, ?, ?, 0, 0)";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, "sssssss", $fullName, $prefName, $username, $password, $gender, $email, $profile);
$result = mysqli_stmt_execute($stmt);
if($result)
{
    header("Location: login.php?status=1");
    die();
}
else
{
    echo mysqli_error($conn);
}
mysqli_close($conn);
This is how I am validating my password with the hash:
<?php
require_once('mydb.php');   // provides $conn, the mysqli connection

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

//gets password hash based on the username
function getPassword($username)
{
    global $conn;
    $hash = '';
    // Prepared statement: the username is bound, not concatenated into the SQL
    $stmt = mysqli_prepare($conn, "select PASSWORD from USERS where USERNAME=?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    while($row = mysqli_fetch_assoc($result))
    {
        $hash = $row['PASSWORD'];
    }
    // Always return a string so password_verify() never receives null
    return $hash;
}

//gets userID
function getUserID($username)
{
    global $conn;
    $userID = 0;
    $stmt = mysqli_prepare($conn, "select ID from USERS where USERNAME=?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    while($row = mysqli_fetch_assoc($result))
    {
        $userID = $row['ID'];
    }
    return $userID;
}

if(password_verify($password, getPassword($username)))
{
    //creates a session for username and redirects to the index page
    session_start();
    $userID = getUserID($username);
    $_SESSION['USERID'] = $userID;
    header("Location: index.html?userID=$userID");
}
else
{
    //return to login page with an error status
    header("Location: login.php?status=2");
}
mysqli_close($conn);
?>
UPDATE
Okay never mind. I figured out why. The pound symbol was being treated as a fragment when I was passing it along through a URL.
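The truncation described in the update can be reproduced without a browser. This is an added example, not the poster's code: the URL, username and password are constructed, and passwordSeenByServer() and buildUrl() are hypothetical helpers, with parse_url() standing in for the browser dropping the fragment before the request is sent.

```php
<?php
// Added example; the URL, username and password are constructed sample values.

// Hypothetical helper: returns the "password" parameter as the server would
// receive it. A browser never sends the fragment (everything from the first
// raw "#"), and parse_url() splits the URL at the same place.
function passwordSeenByServer(string $url): string
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $params);   // percent-decodes values the way PHP fills $_GET
    return $params['password'] ?? '';
}

// Hypothetical helper: builds the request URL, with or without
// percent-encoding the password value.
function buildUrl(string $password, bool $encode): string
{
    $value = $encode ? rawurlencode($password) : $password;
    return 'http://localhost/register.php?username=alice&password=' . $value;
}

$password = 'Tr0ub4dor#3';
$hash = password_hash($password, PASSWORD_BCRYPT);

// First pass: raw "#" in the URL. Second pass: "#" sent as "%23".
foreach ([false, true] as $encode) {
    $url  = buildUrl($password, $encode);
    $seen = passwordSeenByServer($url);
    printf(
        "%s\n  server sees %s, password_verify: %s\n",
        $url,
        var_export($seen, true),
        var_export(password_verify($seen, $hash), true)
    );
}
```

Sending the password in a POST body avoids the fragment problem and also keeps it out of URLs, which are recorded in browser history and server access logs.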