Can't get php password_verify() to work

I'm using php 7 and postgres and I'm failing to get this password hash thing down.

Here's my user Registration. It's outputting passwords to the db similar to "$2y$10$1GWNRZokmwGR1/dxnMRiOuw4/dNh2IzH9O2QvIu5wjlLAX2OZRW5G" which seems to work:

<?php
include 'core/init.php';

if (empty($_POST) === false) {
    $required_fields = array('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email_address', 'phone',
        'department', 'group_role');
    foreach ($_POST as $key => $value) {
        if (empty($value) && in_array($key, $required_fields) === true) {
            $errors[] = 'Fields marked with asterisk are required';
            break 1;
        }
    }
}

if (empty($errors) === true) {
    if (user_exists($_POST['username']) === true) {
        $errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken';
    }
    if (preg_match("/\\s/", $_POST['username']) == true) {
        $errors[] = 'Your username must not contain any spaces';
    }
    if (strlen($_POST['password']) < 14) {
        $errors[] = 'Your password must be at least 14 characters';
    }
    if ($_POST['password'] !== $_POST['confirm_password']) {
        $errors[] = 'Your passwords do not match';
    }
    if (filter_var($_POST['email_address'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required';
    }
    if (email_exists($_POST['email_address']) === true) {
        $errors[] = 'Sorry, this email \'' . $_POST['email_address'] . '\' is already registered';
    }
}

if (isset($_GET['success']) && empty($_GET['success'])) {
    include 'include/iHead.php';
    include 'include/widgets/login.php';
    include 'include/widgets/login_report.php';
    if (empty($errors) === false) {
        ?>
        <h3>Registration Successful! You will receive an email once your registration is approved. </h3>
        <?php
        include 'include/widgets/login_rpt.php';
    }
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        $user_req = $_POST['username'];
        $password = $_POST['password'];
        $hashedPassword = password_hash($password, PASSWORD_DEFAULT)."\n";
        $register_data = array(
            'username' => $_POST['username'],
            'password' => $hashedPassword,
            'first_name' => $_POST['first_name'],
            'last_name' => $_POST['last_name'],
            'email_address' => $_POST['email_address'],
            'phone' => $_POST['phone'],
            'department' => $_POST['department'],
            'region' => $_POST['region'],
            'group_role' => $_POST['group_role'],
            'active' => 0
        );
        register_user($register_data);
        header('Location: register.php?success');
        exit();
    } else if (empty($errors) === false) {
        include 'include/iHead.php';
        include 'include/widgets/login.php';
        include 'include/widgets/login_report.php';
        if (empty($errors) === false) {
            ?>
            <h3>Registration unsuccessful: </h3>
            <?php
            echo output_errors($errors);
            include 'include/widgets/login_rpt.php';
        }
    }
}
function email_exists($email) {
    $email = sanitize($email);
//    echo "SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'";
    return (pg_fetch_result(pg_query("SELECT COUNT (userid) FROM user_profiles WHERE email_address = '$email'"), 0) == 1) ? true : false;
}
?>

And here is my login script:

<?php
include 'core/init.php';

if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'Please enter a username and password';
    } else if (user_exists($username) === false) {
        $errors[] = 'Username not found.  Please register.';
    } else if (user_active($username) === false) {
        $errors[] = 'Account not active';
    } else {

        if (strlen($password) > 32) {
            $errors[] = 'Password too long';
        }

        $hash = login($username, $password);
        if (password_verify($password, "$hash")) {
            $_SESSION['userid'] = $login;
            header('Location: main.php');
            exit;
        } else {
            $errors[] = " Username & Password are incorrect";
        }
    }
} else {
    header('Location: index.php');
}
include 'include/iHead.php';
include 'include/widgets/login.php';
include 'include/widgets/login_report.php';
if (empty($errors) === false) {
    ?>
    <h3>login unsuccessful: </h3>
    <?php
    echo output_errors($errors);
    include 'include/widgets/login_rpt.php';
    include 'include/eFoot.php';
}
function login($username, $password) {
    $user_id = get_id($username);
    $username = sanitize($username);
//    $hash = password_hash($password, PASSWORD_DEFAULT);
    $row = pg_fetch_assoc(pg_query("SELECT password FROM user_profiles WHERE username = '$username'"));
    $hash = $row['password'];
    return $hash;
}
?>

I'm new to php, so any help would be outstanding!!!

Answers


Okay, thank you for your answers, but none of you were correct. I had to use pg_escape_string prior to the hash and verify functions. Simple, simple, simple....
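
Added example, not part of the original question or answer: the registration script above stores password_hash(...) with "\n" appended, and password_verify() returns false when the stored string carries an extra trailing character. The block checks both forms with a constructed password, then shows a hypothetical fetch_hash()/verify_login() pair that reads the hash with pg_query_params(), so neither the password nor the hash goes through manual escaping; the open connection $conn is assumed, and the table and column names are the ones in the question.

```php
<?php
// Added example. The sample password and the helper names are constructed.

// Compare verification against the hash as stored by the registration
// script (with "\n" appended) and against the unmodified hash.
function compare_stored_forms(string $password): array
{
    $clean       = password_hash($password, PASSWORD_DEFAULT);
    $withNewline = $clean . "\n";   // what the registration code writes

    return [
        'length_clean'         => strlen($clean),
        'length_with_newline'  => strlen($withNewline),
        'verify_clean'         => password_verify($password, $clean),
        'verify_with_newline'  => password_verify($password, $withNewline),
        // Trimming on read recovers rows that were already stored that way.
        'verify_after_rtrim'   => password_verify($password, rtrim($withNewline)),
    ];
}

// Hypothetical helper: fetch the stored hash with a parameterised query.
// $conn is an open PostgreSQL connection (assumed, not created here).
function fetch_hash($conn, string $username): ?string
{
    $res = pg_query_params(
        $conn,
        'SELECT password FROM user_profiles WHERE username = $1',
        [$username]
    );
    if ($res === false || pg_num_rows($res) !== 1) {
        return null;
    }
    $hash = pg_fetch_result($res, 0, 0);
    return is_string($hash) ? $hash : null;
}

// Hypothetical helper: the submitted password reaches password_verify()
// byte for byte as the user typed it; only the query is parameterised.
function verify_login($conn, string $username, string $password): bool
{
    $hash = fetch_hash($conn, $username);
    return $hash !== null && password_verify($password, rtrim($hash));
}

// Runs without a database: only the hash comparison is exercised here.
var_dump(compare_stored_forms('constructed-sample-passphrase'));
```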

