
Why is my log in not working? Does my hashing method have an error in it/is it correct?


Register:

    $hashed_password = password_hash($password, PASSWORD_BCRYPT);

    $query = "INSERT INTO users(username,email,password) VALUES('" . $username . "','" . $email . "','" . $hashed_password . "')";
    mysql_query($query);

Verification:

    $query = "SELECT id,username,password FROM users WHERE email='" . $email . "'";
    $row = mysql_fetch_assoc(mysql_query($query));

    if (password_verify($password, $row["password"])) {

Ignore the soon-deprecated methods I used, I'll change those soon.

Why isn't this working? It detects the password as being wrong for the username.

I'm using this library to allow the PHP 5.5 functions in previous versions: https://github.com/ircmaxell/password_compat

(Yes, I can use that function, I'm on PHP 5.3.15)


Solution

  • Make sure the MySQL field is long enough to store the entire hash; they can get long depending on the function. If it's too short, when you insert the hash into your database it will be truncated silently to fit, and that will make checking your password against the hash fail.
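
The truncation failure described in the answer above can be reproduced without a database. This is an added example, not code from the question or the answer: `store_in_column()` and `is_intact_hash()` are hypothetical helpers, the column widths and the password are constructed, and `substr()` stands in for the silent truncation MySQL performs when strict SQL mode is off.

```php
<?php
// Added example. Written without PHP 5.4+ syntax so it also runs on
// PHP 5.3 with the password_compat library loaded.

// Return the hash as a column of $width characters would store it
// (simulated truncation; no database involved).
function store_in_column($hash, $width)
{
    return substr($hash, 0, $width);
}

// True when a stored value is still a complete, recognisable hash.
// password_get_info() reports algoName "unknown" for a bcrypt string
// that is not exactly 60 characters long.
function is_intact_hash($stored)
{
    $info = password_get_info($stored);
    return $info['algoName'] !== 'unknown';
}

$password = 'correct horse battery staple';   // constructed sample password
$hash     = password_hash($password, PASSWORD_BCRYPT);

// Hypothetical column widths: two too narrow, one exact, one with headroom.
foreach (array(32, 50, 60, 255) as $width) {
    $stored = store_in_column($hash, $width);
    printf(
        "VARCHAR(%3d): stored %2d chars, intact=%s, verify=%s\n",
        $width,
        strlen($stored),
        is_intact_hash($stored) ? 'yes' : 'no',
        password_verify($password, $stored) ? 'ok' : 'FAIL'
    );
}
```

Running `is_intact_hash()` over the values already in the `password` column shows which rows were truncated at registration; those hashes cannot be repaired and the affected users need a password reset after the column is widened. The PHP manual suggests 255 characters for the column so that future default algorithms also fit.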