Authenticating a user using mysqli and password_verify()

  1. Comments

That's extremely popular question on various forums and Stack Overflow. An at the same time it's a very good example that can show you how to use Mysqli properly.

First of all make sure that your passwords are stored in the database using password_hash() function.

$stmt $link->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s"$_POST['email']);
$stmt->execute();
$user $stmt->get_result()->fetch_assoc();

if (
$user && password_verify($_POST['pass'], $user['pass']))
{
    echo 
"valid!";
} else {
    echo 
"invalid";
}

Related articles: