<?php 
if(isset($_POST['login']))
{
    require 'connection.php';
    include 'password.php';

    $email = $_POST['email'];
    $password = $_POST['pass'];

    $query = $dbh->prepare("SELECT id,name,email,password FROM users WHERE email = :email");
    $query->bindParam(':email', $email, PDO::PARAM_STR);
    $query->execute();

    $userData = $query->fetch(PDO::FETCH_ASSOC);
    $userEmail = $userData['email'];
    $hash = $userData['password'];

    if(password_verify($password, $hash) && $email == $userEmail)
    {
        session_start();
        $_SESSION['sess_user_id'] = $userData['id'];
        $_SESSION['sess_name'] = $userData['name'];
        echo "<script type='text/javascript>window.location = 'home.php'; </script>";
    }
    else
    { 
        echo "<script>alert('Incorrect email/password');</script>";
    }
}
?>

the include 'password.php' is the library for php 5.5 password function to be able to be used in php 5.3 and 5.4.

so this is my script for login but i keep getting incorrect email/password but i filled it in correctly. what am i doing wrong?

TIA!

can you var_dump or print_r the $userEmail and $hash? What did you get?

If you want, you can also use this.

what do you get? when you echo $query ?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.