Welcome to Open Carnage

A resource for gamers and technology enthusiasts, with unique means of rewarding content creation and support. Have a wander to see why we're worth the time!

Sign in to follow this  
Followers 0
Daywu

PHP: password_verify() not working

Posted (edited)

Hey guys, I am working on a website for my Capstone Project and I am having unusual issues with some PHP. I have used the password_verify() function before and never had issues with it until now. Every time I try to use it with a password that contains a pound(#) symbol it returns false. The function returns true for anything else but that. The encrypted password used with the password_hash() function is working and I am pretty sure that it is inserting into the database correctly . Below is my code, please let me know if you notice anything that may be causing the issue or if you need more information. THIS IS DRIVING ME INSANE!!

 

This is how I am inserting it into the database:

require_once("mydb.php");
	
	$fullName = $_REQUEST['fullName'];
	$prefName = $_REQUEST['prefName'];
	$gender = $_REQUEST['gender'];
	$profile = $_REQUEST['profile'];
	$email = $_REQUEST['email'];
	$username = $_REQUEST['username'];
	$password = $_REQUEST['password'];
	$password = password_hash($password, PASSWORD_BCRYPT);
	
	$query = "insert into USERS(full_name, preferred_name, username, password, gender, email, profile, comment_penalties, upload_penalties)"
		. " values('$fullName', '$prefName', '$username', '$password', '$gender', '$email', '$profile', 0, 0);";
		
	$result = mysqli_query($conn, $query);
	if($result)
	{
		header("Location: login.php?status=1");
		die();
	}
	else
	{
		echo mysqli_error($conn);
	}
	
	mysqli_close($conn);

This is how I am validating my password with the hash:

<?php
	
	require_once('mydb.php');
	
	$username = $_POST['username'];
	$password = $_POST['password'];
	
	//gets password based on the username
	function getPassword($username)
	{
		global $conn;
		$hash = '';
		$query = "select PASSWORD from USERS where USERNAME='$username';";
		$result = mysqli_query($conn, $query);
		
		if(mysqli_num_rows($result) > 0)
		{
			while($row = mysqli_fetch_assoc($result))
			{
				$hash = $row['PASSWORD'];
			}	
			return $hash;
		}
	}
	
	//gets userID
	function getUserID($username)
	{
		global $conn;
		$userID = 0;
		$query = "select ID from USERS where USERNAME='$username';";
		$result = mysqli_query($conn, $query);
		
		if(mysqli_num_rows($result) > 0)
		{
			while($row = mysqli_fetch_assoc($result))
			{
				$userID = $row['ID'];
			}
			return $userID;
		}
	}
	
	if(password_verify($password, getPassword($username)))
	{
		//creates a session for username and redirects to the index page
		session_start();
		$userID = getUserID($username);
		$_SESSION['USERID'] = $userID;
		header("Location: index.html?userID=$userID");
	}
	else
	{
		//return to login page with an error status
		header("Location: login.php?status=2");
	}
	
	mysqli_close($conn);
?>

UPDATE

Okay never mind. I figured out why. The pound symbol was being treated as a fragment when I was passing it along through a URL.

Edited by Daywu
Sunstriker7 and DiSiAC like this

Image result for naruto gifImage result for zabuza gif

Share this post


Link to post
Share on other sites

Members of Open Carnage never see off-site ads.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0
  • Recently Browsing   0 members

    No registered users viewing this page.