password always incorrect in php login form when using password_verify

Hi! I am a newcomer to PHP and am making a login form. Everything seems to go well, that is until the user submits the correct password. Even if the password is incorrect, the file still treats it as if it was incorrect. What should I do?

<?php

session_start();

if (isset($_POST['submit'])) {
	
	$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "pass123";
$dbName = "mydatabase";

$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
	
	$uid = mysqli_real_escape_string($conn, $_POST['uid']);
	$pwd = $_POST['pwd']; 
	
	//error handlers
	//inputs empty
	if(empty($uid) || empty($pwd)){
		header("Location: ../index.php?login=empty");
		exit();
	}else {
		$sql = "SELECT * FROM users WHERE username='$uid'";
		$result = mysqli_query($conn, $sql);
		$resultCheck = mysqli_num_rows($result);
		if ($resultCheck < 1) {
			header("Location: ../index.php?login=user");
			exit();
		}else{
			if($row = mysqli_fetch_assoc($result)){
				//De-hashing the password
				$hashedPwdCheck = password_verify($pwd, $row['password']);
				if ($hashedPwdCheck == false) {
					header("Location: ../index.php?login=pass");
					exit();
				} elseif($hashedPwdCheck == true){
					//logged in here
					$_SESSION['u_name'] = $row['name'];
					$_SESSION['u_class'] = $row['class'];
					$_SESSION['u_email'] = $row['email'];
					$_SESSION['u_uid'] = $row['username'];
					header("Location: ../index.php?login=success");
					exit();
				}
			}
		}
	}
}else{
	header("Location: ../index.php?login=error");
	exit();
}

Open in new window

Sunny JainstudentAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Your first problem is that you have not identified the hash value as shown on this page.  You probably need to use password_hash() too.

http://php.net/manual/en/function.password-verify.php

http://php.net/manual/en/function.password-hash.php
1
Sunny JainstudentAuthor Commented:
@Dave Baldwin: the password was already hashed in the database when the user first registered. Would u just rehash it again?
0
Dave BaldwinFixer of ProblemsCommented:
I would write a simple test program that instead of using password_verify(), I would use the  password_hash() that you originally used and then compare the new results with the data in the database.
1
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Dave BaldwinFixer of ProblemsCommented:
What version of PHP are you using?
0
Sunny JainstudentAuthor Commented:
I am currently using version 7.1.5
0
Dave BaldwinFixer of ProblemsCommented:
Please compare your password_hash() code to the info on http://php.net/manual/en/function.password-hash.php .  They changed some things with PHP 7 .
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sunny JainstudentAuthor Commented:
worked like a charm. Thank you so much
1
Dave BaldwinFixer of ProblemsCommented:
You're welcome.  Did you change something?
0
NerdsOfTechTechnology ScientistCommented:
OP, I suggest that you select the best solution as #a42425646 (Dave Baldwin).
0
NerdsOfTechTechnology ScientistCommented:
OP's comment following best solution, affirms working solution
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.