Friends, I would like to know why in my condition IF
no matter how much I do, it always recognizes it as false, I have verified and performs the query correctly, the connection correctly and the array it brings is as follows:
Array ( [IDUSUARIO] => 1 [USUARIO] => admin [CONTRASENIA] => admin )
What am I doing wrong other than being born? xd help please.
The data of the database, host, user and password are remote, I am doing it on the server of HOSTINGER
.
<?php
$host_db = "xxxxx";
$user_db = "xxxxxx";
$pass_db = "xxxxx";
$db_name = "xxxxxx";
$conexion = new mysqli($host_db, $user_db, $pass_db, $db_name);
if ($conexion->connect_error) {
print("La conexion falló: " . $conexion->connect_error);
}
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM USUARIOS WHERE USUARIO = '$username'";
$result = $conexion->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_array(MYSQLI_ASSOC);
}
if (password_verify($password, $row['CONTRASENIA'])){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + (5 * 60);
print "Bienvenido! " . $_SESSION['username'];
print "<br><br><a href=panel-control.php>Panel de Control</a>";
}else{
print "Username o Password estan incorrectos.";
print_r($row);
print "<br><a href='index.html'>Volver a Intentarlo</a>";
}
mysqli_close($conexion);
?>
Clearly your error is:
In the password database it is
admin
not made with at any timepassword_hash
and if we read the php documentation it tells us:Clearly what you are comparing is admin and admin, at no time do you generate a
hash
.When you create a user, save their password with
password_hash
As in your database the password will remain as a
hash
simply do that: