Luv-PHP Verifying user passwords

phpftw PHP, in my opinion, is one of the worlds most misunderstood programming languages. Older developers who’ve been around since its inception can remember a time when PHP didn’t have object oriented features and OOP has been around since the 60s. But today PHP is a fully functional programming language that can handle its own when paired with good programming practices. So here today I’m going to show you a small useful function in PHP used to verify passwords that have been hashed in the database. In this tutorial I will be assuming you know some PHP and MYSQL basics such as how to setup a database, connecting to the database, etc. All the code is provided in this GitHub repository, so no heavy amount of set-up is needed.

In this exercise, we will be using PHP data-objects(PDO). PDO is amazing in the fact that it provides you with a way to use the same functions to issue queries and fetch data, no matter the database you’re using. With that said let’s jump right in.

loginform

We have a simple log-in form that we will be using to submit data into our database. Assuming you’ve already set-up your database and tables, there is a query provided to insert your username and password in the “main.php” file located below the closing body tag.

hashed

 

After running this query it will populate your database table with the username and password you provided. Be sure to delete or comment out the previous query as it may cause log-in problems with the rowCount() function we will be using. Now you have everything it takes in order to use the password_verify function. Head back to the log-in form and type in the information you provided in the query above.  Under the hood of your login form, there are various functions and forms of verification running behind the scenes. To start we take our user input and sanitize it like so….

sanitizeinputs

Next step is to check if the username submitted is part of a row in the database.  For this, we use a PDO prepared statement.  Using this we need to check if the username corresponds to a row in the designated table associated with our database.

checkifuser

 

 

Now here is where all of the magic happens. We take the information that we get back from the database and insert it into an associative array.

assoc

This returns an array indexed by column name, so now you will be able to grab the password from the results. Using this password, it is now time to use the password_verify function. This function takes two inputs, the first being the password that the user submitted and the password that is currently in our $dbpassword variable. We will also be checking to see if there is more than one user in the database that shares the same username using the rowCount() function. This just returns the number of rows that were affected by the query. Now in a normal web app, you would have the user submit his or her e-mail address which would be his or her unique identifier preventing duplications from happening but for this tutorial, we will just be using a username field.

verify&count

If all is well so far than it is now time to check our work, here we will set up an if statement and see if our $count variable is equal to 1 row affected, and we’ll see if our password_verify() function returns true. If everything goes as planned, we shall set a nice message in our session variable and set our header function to send us back to the homepage. Don’t forget to set your database connection to null and exit so no more code is run.

 

There should be a success message waiting for you and you now know how to verify user passwords using the password_verify function.

correction

 

Congratulations. Don’t forget to follow and leave a comment below.

4 Replies to “Luv-PHP Verifying user passwords”

  1. It just looks better and better all the time. Very good work!

    Do you know Udemy? I was just glancing at their site and wondering if you could create your own online course, recruit your own students and, perhaps, get a bit of extra income while you’re at it.

    Liked by 1 person

    1. Thanks, Sam I appreciate the encouragement. I would love to teach web development to more people. This has been both fun and an amazing experience for me. It gives me more inspiration each day. I’m striving to improve so I can help others do the same.

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s