2021-07-12

This is looking ok so far. What I would do next is check the logic. When using the password_verify() function, you wouldn’t need to pass in the password in your WHERE clause. So instead, the query should be

$conn->prepare("SELECT * FROM Admin WHERE Username = :Username");

You would also have to bind the placeholder with the variable. Most people use either bindValue() or bindParam(). I prefer using an array and passing it into the execute() method, which does the same thing.

Next, you’d have to check the password the user provided with the fully hashed password from that account using password_verify() when you’ve selected the user’s account.

Just a little reminder, since you’re using password_verify(), the passwords you have in the database should be changed immediately or you’re going to scratch your head at why your passwords are failing at the verify level. password_verify() only tries to verify against algorithms that are within password_hash(). If you still have passwords hashed in say MD5 or SHA or something, it’ll fail.

If you’re confused on how to get a hashed password, I’d suggest running a test file where you can just have a one-liner like

<?php print password_hash('MyCoolPassword,DontForgetToChangeThisLine', PASSWORD_DEFAULT);

That way, you can then copy the password that’s generated using password_hash() and paste it over your old plain text or old hashed passwords. Also, each page refresh when doing tests like these generates a new hash. So you won’t get the same hashed passwords every time which is what you want.

There’s more to your code that I am seeing, but I’ll let you catch up for now.
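
The login flow described in the reply above, as an added example that is not the poster's or the asker's code. The `Password` column name, the in-memory SQLite database, the sample accounts and the `login()` helper are assumptions made so the script runs on its own.

```php
<?php
// Added example. Assumptions: Password column name, SQLite in-memory DB,
// constructed sample accounts, hypothetical login() helper.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Admin (Username TEXT PRIMARY KEY, Password TEXT NOT NULL)');

// Constructed rows: one hash from password_hash(), one legacy MD5 digest.
$seed = $conn->prepare('INSERT INTO Admin (Username, Password) VALUES (:Username, :Password)');
$seed->execute([':Username' => 'alice', ':Password' => password_hash('correct horse', PASSWORD_DEFAULT)]);
$seed->execute([':Username' => 'legacy', ':Password' => md5('correct horse')]);

function login(PDO $conn, string $username, string $password): bool
{
    // Select by username only; the password never goes into the WHERE clause.
    $stmt = $conn->prepare('SELECT * FROM Admin WHERE Username = :Username');
    // Passing an array to execute() binds the placeholder.
    $stmt->execute([':Username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: fail closed.
    if ($row === false) {
        return false;
    }
    // Check the submitted password against the stored hash.
    if (!password_verify($password, $row['Password'])) {
        return false;
    }
    // Re-hash on successful login if PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($row['Password'], PASSWORD_DEFAULT)) {
        $upd = $conn->prepare('UPDATE Admin SET Password = :Password WHERE Username = :Username');
        $upd->execute([':Password' => password_hash($password, PASSWORD_DEFAULT), ':Username' => $username]);
    }
    return true;
}

// Correct password against a password_hash() row.
var_dump(login($conn, 'alice', 'correct horse'));
// Wrong password, then an unknown user.
var_dump(login($conn, 'alice', 'wrong guess'));
var_dump(login($conn, 'nobody', 'correct horse'));
// Correct password, but the stored value is an MD5 digest, so verification fails.
var_dump(login($conn, 'legacy', 'correct horse'));
```

The last call shows the failure the reply warns about: the password is right, but the row still holds an MD5 digest, so the account stays locked out until its stored value is replaced with one from password_hash().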