How do I use password_hash in select

-2

How do I sign in with the entire encrypted password? I used password_hash and now for me to login like I do?

if(isset($_POST['loggin']))
{
    $user                = trim(strip_tags($_POST['user']));
    $txtpassword         = $_POST['password'];

    $select = "SELECT id, user, password FROM users WHERE BINARY user=:user";

    $result = $conexao->prepare($select);
    $result->bindParam(':user', $user, PDO::PARAM_STR);
    $result->execute();
    if($result->rowCount() == 1)
    {
        $show = $result->fetch(PDO::FETCH_ASSOC);
        $idSession      = $show['id'];
        $passwordHash   = $show['password'];
    }

    if (password_verify($txtpassword, $passwordHash))
    {
        $_SESSION['userId'] = $idSession;
        header("Location: ?p=home");
        die();
    }
    else
    {
        echo '<script language= "javascript">
        location.href="?p=sign_in&action=error_sign_in";
        </script>';
    }
}
    
asked by anonymous 18.12.2015 / 22:42

1 answer

3

Find the password first in the database using the user login, then check:

$senhaPost = $_POST['password']; 
$senhaDB = ...; 

if (password_verify($senhaPost, $senhaDB)) { ... }
    
19.12.2015 / 11:56