[Solved] hello world! implement password_verify


First of all, you only have to use “WHERE username =”. You don’t have to check the password when you do the request.

Secondly, you have to verify the password.

Finally, you should also used prepared statements, it’s more secure.

So, your code should look like this (the code provided may not be usable as is but you can tweak it to get the result that you want and read the doc to understand prepared statements and how password_verify works):

$sql = "SELECT * FROM table2 WHERE username = :username";
$request = $conn->prepare($sql);
$request->execute([":username" => $_POST["username"]]);  
$user = $request->fetchAll()[0];

if(password_verify($_POST["password"], $user->password)){
    //user is logged in
}else{
    //password is wrong
}

1

solved hello world! implement password_verify