Problems with password_verify


I have a problem with the password_verify , because when I try to enter it shows me the wrong password, try the same with sha1 and it's the same.

The record:

if(count($errors) == 0) *[Aquí empieza el registro, que si no hay ningun problema pueda comenzar el registro]*{ 
    $response = file_get_contents("$secret&response=$captcha");
    $arr = json_decode($response, TRUE);
    if($arr['success']) *[Esta parte verifica el captcha para poder continuar]*{
        $password_hash = hashPassword($Password); [Aquí llama a la función hashPassword (La pondre debajo)]
        $register = registerUser($User, $password_hash, $Email, $active, $user_type);   [Y registra el usuario (Pondre el codigo de registerUser debajo)]       
        if($register > 1){                  
            echo "DONE";
        } else {
            $error[] = "Wrong Captcha";
    } else {
        $errors[] = "Error to register";

The total record: (Try to change global $ mysqli and I have an error)

function registerUser($User, $password_hash, $Email, $active, $user_type){ 
    global $mysqli;
    $stmt = $mysqli->prepare("INSERT INTO users (User, Password, Email, active, id_type) VALUES(?,?,?,?,?)");
    $stmt->bind_param('ssssi', $User, $password_hash, $Email, $active, $user_type);
    if ($stmt->execute()){
        return $mysqli->insert_id;
    } else {
        return 0;

The user registers well and with the encrypted password

When I try to log in, it tells me the incorrect password :

function login($User, $Password, **[Intente poner $mysqli pero tengo error]**){
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT id, id_type, Password FROM users WHERE User = ? || Email = ? LIMIT 1");
    $stmt->bind_param("ss", $User, $User);
    $rows = $stmt->num_rows;

    if($rows > 0) {
            $stmt->bind_result($id, $id_type, $Password);
            $validatePassword = password_verify($Password, $Password); [He cambiando a $Password, $hash, $password_hash pero no he podido ingresar]

                $_SESSION['id_User'] = $id;
                $_SESSION['user_type'] = $id_type;
                header("location: cpanel.php");
            } else {
                $errors = "La contraseña es incorrecta";
        } else {
            $errors = 'El usuario no esta activo';
    } else {
        $errors = "El nombre de usuario o correo electrónico no existe";
    return $errors;

I have searched everywhere to try to modify but has not paid attention, I added to my database a user with a numeric password to check and it still goes on, I think the problem is in the login or in a part of register.

Added: The password option has a varchar (250) and I have increased it to 1000 to test but nothing. I have the latest PHP version too

asked by sqk 26.07.2018 в 23:40

2 answers


to encrypt:

$hashgenerado = password_hash($clavedelusuario, PASSWORD_DEFAULT);

(I guess $ hash has saved it to a table or something)

to verify when the us enters:

if password_verify($clavedelusuario, $hashgenerado) => ok.
answered by 28.07.2018 в 03:57

Assuming that your hashPassword function uses php password_hash correctly (the code does not appear), you can try the following:

In the bind_result you must change the name of the third variable so that you do not lose (do not overwrite) the $ Password that you receive as a parameter to validate ..

$stmt->bind_result($id, $id_type, $PasswordHashInDB);
$validatePassword = password_verify($Password, $PasswordHashInDB);
answered by 28.07.2018 в 20:11