A
Anonymous
Guest
I currently have the following PHP code:
Whenever I debug the code, the value of $hashedPassword does match that of the value in the database(I copy the value, use control+f in phpMyAdmin, and verify that the desired login matches), however after my AJAX request it always returns the following JSON(from my Else statement):
Edit - If I assign a variable to the password_verify outside and then use a conditional statement to check the variable, it will always return a True value. I am so confused.
Code:
<?php
// Check if the user is currently logged in
if (isset($_SESSION["id"])) {
// Return a JSON object to indicate the login status
echo '{"isset": true}';
} else {
// Database variables
$serverName = "removed from code";
$dbUsername = "removed from code";
$dbPassword = "removed from code";
$dbName = "removed from code";
// Login <form> variables
$inputEmail = $_POST['email'];
$inputPassword = $_POST['password'];
// Create connection
$dsn = 'mysql:dbname='.$dbName.';host='.$serverName.';charset=utf8mb4';
$db = new PDO($dsn, $dbUsername, $dbPassword);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
try {
// Select 1 row, but all columns from the [users] table by the username column
$stmt = $db->prepare("SELECT * FROM users WHERE email=:email LIMIT 1");
// Parameterize the query
$stmt->bindValue(':email', $inputEmail, PDO::PARAM_INT);
// Execute the query and return the results into $row
$stmt->execute();
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Ensure that a row was returned
if (count($row) > 0) {
// Get just hashed password
$hashedPassword = $row[0]['password'];
// Confirm that the hashed username matches input as well
if(password_verify($inputPassword, $hashedPassword)) {
// Return the JSON equivalent of what was just queried
echo json_encode($row);
} else {
// Return a JSON object to indicate the invalid login
echo '{"valid": false, "email": true, "password": false}';
}
} else {
// Return a JSON object to indicate the invalid login
echo '{"valid": false, "email": false, "password": null}';
}
// Explicitly close the connection
$db = null;
} catch(PDOException $ex) {
// debug mode, simply echo the exception
echo json_encode($ex->getMessage());
}
}
?>
Whenever I debug the code, the value of $hashedPassword does match that of the value in the database(I copy the value, use control+f in phpMyAdmin, and verify that the desired login matches), however after my AJAX request it always returns the following JSON(from my Else statement):
Code:
{
"valid": false,
"email": true,
"password": false
}
Edit - If I assign a variable to the password_verify outside and then use a conditional statement to check the variable, it will always return a True value. I am so confused.