PHP database comparing hashed login with db

I am attempting to build a login feature but without a registration system. This presents an issue as I am not sure how to make hashing compatible between mysql and php.

My PHP code:

    if (password_verify($upass, 'sha256') && $count == 1){
        $_SESSION['userSession'] = $row['uid'];
        header("Location:profilepage.php");
    }
    else {
     //SPLOSIONS!!
    }

$upass represents a POST on my form input, where users enter their given password.

My attempt at hashing password in MySQL:

 UPDATE users SET `userpassword` = SHA2(`userpassword`, 256)

The userpassword matches my userpassword column on my database, which I have hashed with SHA2.

The problem here is that my password_verify code on PHP appears incompatible with my updated hashed password on MySQL. As a result I run into my else command, rather than the code I want.

Was wondering how to make my MySQL password column compatible with my PHP code, or vice versa, or if there is a more practical approach to this.

1 answer

  • answered 2017-06-17 19:30 Jason Chen

    Solved it!

    Added the following code:

        $hashslingingslasher = password_hash($upass, PASSWORD_DEFAULT);
    

    Then called it via:

        if (password_verify($upass, $hashslingingslasher) && $count == 1){
            $_SESSION['userSession'] = $row['uid'];
            header("Location:userpage.php");
        }