I’m trying to store a hashed password in the database. The code that hashes the text works, but I don’t know how to write code that verifies a submitted password against the hash stored in the database and then logs the user in.
In other words…
- I registered the password ‘pass’.
- The code hashed it and stored it in the DB as something like ‘kjgdvhfjgsdkjfgsdklfjgakjsdgfksghcvkly7e89634ryhner8’.
- Now I want to log in to my system with the original password ‘pass’.
AddNewAdmin.php
// Insert the new admin once validation has passed.
// Only the password_hash() output is stored; the plain-text password never reaches the DB.
// NOTE(review): PASSWORD_DEFAULT hashes can get longer in future PHP versions; the PHP manual
// suggests a 255-character column. Confirm admins.password is wide enough, because a
// truncated hash will never verify at login.
global $ConnectingDB;
$HashPass = password_hash($Password, PASSWORD_DEFAULT);
$sql = "INSERT INTO admins(datetime,username,password,aname,addedby)VALUES(:dateTime,:userName,:password,:aName,:adminName)";
$stmt = $ConnectingDB->prepare($sql);
// Every value is sent as a bound parameter, so none of it becomes part of the SQL text.
$Bindings = [
    ':dateTime'  => $DateTime,
    ':userName'  => $UserName,
    ':password'  => $HashPass,
    ':aName'     => $Name,
    ':adminName' => $Admin,
];
foreach ($Bindings as $Placeholder => $Value) {
    $stmt->bindValue($Placeholder, $Value);
}
$Execute = $stmt->execute();
// Both outcomes return to the same form; only the flash message differs.
if (!$Execute) {
    $_SESSION["ErrorMessage"] = "Something went wrong. Try again.";
} else {
    $_SESSION["SuccessMessage"] = "Admin added successfully!";
}
Redirect_to("AddNewAdmin.php");
AdminLogin.php
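// Login handler: an already authenticated admin goes straight to the dashboard;
// otherwise a submitted form is validated and checked against the stored account.
if (isset($_SESSION["UserId"])) {
    Redirect_to("Dashboard.php?page=1");
}
if (isset($_POST["Submit"])) {
    // A missing field becomes '' instead of raising an undefined-index notice.
    $UserName = isset($_POST["Username"]) ? $_POST["Username"] : '';
    $Password = isset($_POST["Password"]) ? $_POST["Password"] : '';
    // empty() would also reject the valid value "0", so compare against '' explicitly.
    // Non-string input (e.g. Username[]=x) is treated the same as a missing field.
    if (!is_string($UserName) || !is_string($Password) || $UserName === '' || $Password === '') {
        $_SESSION["ErrorMessage"] = "All fields must be filled out.";
        Redirect_to("AdminLogin.php");
    } else {
        // Login_Attempt() is defined elsewhere. Because the stored value comes from
        // password_hash(), it has to fetch the row by username only and then check the
        // submitted password with password_verify($Password, $row["password"]).
        // Hashing the input again and comparing strings (or matching on the password
        // column in SQL) cannot work: every hash carries its own random salt.
        $Found_Account = Login_Attempt($UserName, $Password);
        if ($Found_Account) {
            // Issue a fresh session id at the privilege change so an id that was fixed
            // before login does not become an authenticated session.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION["UserId"] = $Found_Account["id"];
            $_SESSION["UserName"] = $Found_Account["username"];
            $_SESSION["AdminName"] = $Found_Account["aname"];
            $_SESSION["SuccessMessage"] = "Welcome " . $_SESSION["AdminName"] . "!";
            // NOTE(review): TrackingURL is set elsewhere; confirm it only ever holds a
            // local path and is never copied from request input, otherwise this is an
            // open redirect.
            // Explicit else so the outcome does not depend on Redirect_to() ending the script.
            if (isset($_SESSION["TrackingURL"])) {
                Redirect_to($_SESSION["TrackingURL"]);
            } else {
                Redirect_to("Dashboard.php?page=1");
            }
        } else {
            // Same message for an unknown user and a wrong password, so the form does
            // not reveal which usernames exist.
            $_SESSION["ErrorMessage"] = "Incorrect username or password.";
            Redirect_to("AdminLogin.php");
        }
    }
}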