password always incorrect in php login form when using password_verify

Hi! I am a newcomer to PHP and am making a login form. Everything seems to go well, that is until the user submits the correct password. Even if the password is incorrect, the file still treats it as if it was incorrect. What should I do?

<?php

session_start();

if (isset($_POST['submit'])) {
	
	$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "pass123";
$dbName = "mydatabase";

$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
	
	$uid = mysqli_real_escape_string($conn, $_POST['uid']);
	$pwd = $_POST['pwd']; 
	
	//error handlers
	//inputs empty
	if(empty($uid) || empty($pwd)){
		header("Location: ../index.php?login=empty");
		exit();
	}else {
		$sql = "SELECT * FROM users WHERE username='$uid'";
		$result = mysqli_query($conn, $sql);
		$resultCheck = mysqli_num_rows($result);
		if ($resultCheck < 1) {
			header("Location: ../index.php?login=user");
			exit();
		}else{
			if($row = mysqli_fetch_assoc($result)){
				//De-hashing the password
				$hashedPwdCheck = password_verify($pwd, $row['password']);
				if ($hashedPwdCheck == false) {
					header("Location: ../index.php?login=pass");
					exit();
				} elseif($hashedPwdCheck == true){
					//logged in here
					$_SESSION['u_name'] = $row['name'];
					$_SESSION['u_class'] = $row['class'];
					$_SESSION['u_email'] = $row['email'];
					$_SESSION['u_uid'] = $row['username'];
					header("Location: ../index.php?login=success");
					exit();
				}
			}
		}
	}
}else{
	header("Location: ../index.php?login=error");
	exit();
}

Open in new window

Sunny JainstudentAsked:
Who is Participating?
 
Dave BaldwinFixer of ProblemsCommented:
Please compare your password_hash() code to the info on http://php.net/manual/en/function.password-hash.php .  They changed some things with PHP 7 .
1
 
Dave BaldwinFixer of ProblemsCommented:
Your first problem is that you have not identified the hash value as shown on this page.  You probably need to use password_hash() too.

http://php.net/manual/en/function.password-verify.php

http://php.net/manual/en/function.password-hash.php
1
 
Sunny JainstudentAuthor Commented:
@Dave Baldwin: the password was already hashed in the database when the user first registered. Would u just rehash it again?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Dave BaldwinFixer of ProblemsCommented:
I would write a simple test program that instead of using password_verify(), I would use the  password_hash() that you originally used and then compare the new results with the data in the database.
1
 
Dave BaldwinFixer of ProblemsCommented:
What version of PHP are you using?
0
 
Sunny JainstudentAuthor Commented:
I am currently using version 7.1.5
0
 
Sunny JainstudentAuthor Commented:
worked like a charm. Thank you so much
1
 
Dave BaldwinFixer of ProblemsCommented:
You're welcome.  Did you change something?
0
 
NerdsOfTechTechnology ScientistCommented:
OP, I suggest that you select the best solution as #a42425646 (Dave Baldwin).
0
 
NerdsOfTechTechnology ScientistCommented:
OP's comment following best solution, affirms working solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.