Quote:
Originally Posted by Publisher Bucks
Yes, the user submits their required password and i encrypt it through submit.php when it gets written to the database.
Here is the submit.php file that sends data to SQL...
I beleive the part in bold should be doing the encrypting correctly and storing it in the 'password' column in the table that im calling from the login script?
|
That is not where your problem is.
zijlstravideo pointed it out.
In the code in your first post you have this line:
if ($_POST['password'] === $password)
You are comparing the unencrypted password that the user entered with the encrypted password from the database.
They will never match.
You need to encrypt the password entered to do the comparison.
So the code he put up there should replace the if you are using:
if (password_hash($_POST['password'], PASSWORD_BCRYPT) === $password)
.