Php Programmers,

Getting to build a login page using the php's passwordverify() function.
Issue is, no matter if I give correct password or incorrect, I always get message 'Incorrect user Credentials'.
Why is that ?
The details on Mysql Looks like this:

id | domain | password
0 | gmail.com | 373b29d2837e83b9ca5cec712a5985843df271cc

Obviously, password is hashed using sha_256.

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}

function login_form()
{
    echo $login_form = 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}

function check_user_input()
{
    if(!EMPTY($_POST['domain']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain = trim($_POST['domain']);
    }
    elseif(!EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain_email = trim($_POST['domain_email']);
    }
    else
    {
        die('Input your Domain');
    }

    if(!EMPTY($_POST['password']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $hashed_password = hash('sha256',$_POST['password']); 
    }
    else
    {
        die('Input your Password');
    }
}

function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    Global $domain;
    Global $password; //DELETE
    Global $hashed_password;

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    $conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT password FROM domains WHERE domain = ? OR domain_email = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Registration a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE
        echo $domain = $_POST['domain'];  echo '<br>';//DELETE
        echo $password = $_POST['password']; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"sss",$domain,$domain_email,$password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$db_password);
        mysqli_stmt_fetch($stmt);

        if(!password_verify($password,$db_password)) //FINISH THIS LINE.
        {
            echo __LINE__; echo '<br>';//DELETE
            echo 'password: ' .$password; echo '<br>';
            echo 'hashed password: ' .$hashed_password; echo '<br>';
            echo 'db_password: ' .$db_password; echo '<br>';

            die('Incorrect User Credentials!');
        }
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_close($stmt);
        mysqli_close($conn);

        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';
        echo 'hashed password: ' .$hashed_password; echo '<br>';
        echo 'db_password: ' .$db_password; echo '<br>';
        unset_sessions();
        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';
        echo 'hashed password: ' .$hashed_password; echo '<br>';
        echo 'db_password: ' .$db_password; echo '<br>';
        header('location: home.php');
        exit;
    }
}

Fixed typos.
Get this error:

Deprecated: password_verify(): Passing null to parameter #1 ($password) of type string is deprecated in C:\Program Files\Xampp\htdocs\Work\buzz\Templates\login_TEMPLATE.php on line 117

Deprecated: password_verify(): Passing null to parameter #2 ($hash) of type string is deprecated in C:\Program Files\Xampp\htdocs\Work\buzz\Templates\login_TEMPLATE.php on line 117

Updated code:

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}

function login_form()
{
    echo $login_form = 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}

function check_user_input()
{
    if(!EMPTY($_POST['domain']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain = trim($_POST['domain']);
    }
    elseif(!EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain_email = trim($_POST['domain_email']);
    }
    else
    {
        die('Input your Domain');
    }

    if(!EMPTY($_POST['password']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $password = $_POST['password']; 
        $hashed_password = hash('sha256',$_POST['password']); 
    }
    else
    {
        die('Input your Password');
    }
}

function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    Global $domain;
    Global $password; //DELETE
    Global $hashed_password;

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    $conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT password FROM domains WHERE domain = ? OR domain_email = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Registration a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';//DELETE
        echo 'hashed password: ' .$hashed_password; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"ss",$domain,$domain_email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$db_password);
        mysqli_stmt_fetch($stmt);

        if(!password_verify($password,$db_password)) //FINISH THIS LINE.
        {
            echo __LINE__; echo '<br>';//DELETE
            echo 'password: ' .$password; echo '<br>';
            echo 'hashed password: ' .$hashed_password; echo '<br>';
            echo 'db_password: ' .$db_password; echo '<br>';

            mysqli_stmt_close($stmt);
            mysqli_close($conn);

            die('Incorrect User Credentials!');
        }
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_close($stmt);
        mysqli_close($conn);

        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';//DELETE
        echo 'hashed password: ' .$hashed_password; echo '<br>';//DELETE
        echo 'db_password: ' .$db_password; echo '<br>';//DELETE

        header('location: home.php');
        exit;
    }
}

@dani,

Well I did ask you suggested. But having bad luck!
I have programmed before (eg 2yrs ago) using password_verify() and so can't figure-out what I am doing wrong this time,

I replaced this:

mysqli_stmt_fetch($stmt)

with this:

if(!mysqli_stmt_fetch($stmt))
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
            echo '<br>';
            echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
            echo '<br>';
            die('Password fetching failed!');
        }

I get this echoed:
Mysqli Error:
Mysqli Error No: 0
Password fetching failed!

It seems mysqli_stmt_fetch() is failing to get the rows. Why ?
I now understand why I was getting the previous error:

**Deprecated: password_verify(): Passing null to parameter #1 ($password) of type string is deprecated in C:\Program Files\Xampp\htdocs\Work\buzz\Templates\login_TEMPLATE.php on line 117

Deprecated: password_verify(): Passing null to parameter #2 ($hash) of type string is deprecated in C:\Program Files\Xampp\htdocs\Work\buzz\Templates\login_TEMPLATE.php on line 117**

When looking at the code block you have posted above, what does it spit out on lines 102 as the password? Is MySQL successfully returning a row with the domain being passed in? It's possible that the MySQL query is succeeding but there's simply zero rows returned, and therefore $db_password is null.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.