Password_verify without if

Please, is there anyway I can change this code :

$get_user = “select * from users where user_email=‘$user_email’ AND password=SHA2(‘$user_pass’, 512)”;
to :

$get_user = “select * from users where user_email=‘$user_email’ AND password_verify(‘$user_pass’, row[‘password’])”;

thanks.

You should be using prepared statements something like the following

        $sql = "SELECT id, hashed_password FROM " . static::$table . " WHERE username =:username LIMIT 1";

        $user = static::fetch_by_column_name($sql);

        if ($user && password_verify($this->password, $user['hashed_password'])) {
            unset($this->password, $user['hashed_password']);
            session_regenerate_id(); // prevent session fixation attacks
            static::$last_login = $_SESSION['last_login'] = time();
            $this->id = $_SESSION['id'] = $user['id'];
            header("Location: index.php");
            exit();
        }

        static::$error[] = 'Unable to login in!';

The code was taken from a PHP Class, but the important thing is the query just checks the username via a prepared statement and gets the hashed password stored in the database table. Then you verify the password against the database table. The whole code and more can be found here - phototechguru/Login.php at master · Strider64/phototechguru · GitHub

Wao! this really explains what I am looking for.
Thanks

Sponsor our Newsletter | Privacy Policy | Terms of Service