Read bcrypted passwords - Login system PHP

So I’ve got a game server that creates a username and a bycrypted password and stores it in a database in mysql. Now I’m having trouble with logging in due to the code not being able to read bcrypted passwords. How do I make my code be able to read bycrypt passwords?

$con = mysqli_connect("localhost", "root", "", "testrealm");

if(isset($_POST['Login'])) {
    $Username = $_POST['Username'];
    $Password = $_POST['Password'];
    $query = "SELECT * FROM accounts WHERE Username='$Username' AND Password='$Password'";
    $result = mysqli_query($con, $query);

    If(mysqli_num_rows($result) == 1)
        header("Location: welcome.php");
        header("Location: denied.php");

the purpose of a hashed password. But did you specify bcrypt or PASSWORD_DEFAULT? I recommend using PASSWORD_DEFAULT and implementing password_needs_rehash.

I also recommend using PDO and prepared statements instead of mysqli:

the simple answer to your question is password_verify:
password_verify($Password, $hashed_result_from_database)

you need to use exit or die after the header redirect. I prefer exit;

edit: i’ve removed some code that could be confusing to a beginner. my apologies.

1 Like
Sponsor our Newsletter | Privacy Policy | Terms of Service