if(password_verify($pass, $data['pass'])){
//code here...
}
Thanks for your reply. I do understand the purpose of those prompts...I just wondered if there was a way to eliminate them. As far as the session variables and their placement, I could use a tip on why they shouldn't be there and when and where they should be set. Thanks again!If this can help you:
It's just telling you what should go there. There are two parameters that you must set, I show you an example:
where $pass is the password that is in the database and $data['pass'] is the data you are retrieving from the login form.Code:if(password_verify($pass, $data['pass'])){ //code here... }
By the way, you shouldn't put those $_SESSION[''] variables; there,
If you want I can show you a piece of short code for the login
1- require_once('../config.php');
2- $user = htmlentities(addslashes($_POST['user']));
3- $pass = htmlentities(addslashes($_POST['pass']));
4- $user_exists=0;
5- $sql = "SELECT * FROM table_users WHERE user = '$user'";
6- $res = $conn->prepare($sql);
7- $res->execute();
8- while($file = $res->fetch(PDO::FETCH_ASSOC)){
9- $id = $file['id'];
10- $user1 = $file['user'];
11- if(password_verify($pass, $file['pass'])){
12- $user_exists++;
13- }
14- }
15-
16- if($user_exists!=0){
17- session_start();
18- $_SESSION["user"] = $user1;
19- $_SESSION["id"] = $id;
20- header("Location:../index.php");
21- }else{
22- header("Location:../login.php?smserror");
23- }