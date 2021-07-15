I would have thought it would be easier to be taught rather than just told to “Google it”! But I don’t know - I am old enough for coding to have not been taught when I was at school.

I taught myself HTML 25+ years ago, when it was just HTML3 and hand coded my first personal website in a text editor (on the Amiga computer). I then came back to web coding about 2 years ago and have been teaching myself HTML5, CSS, PHP, mySQL and a little (only a little, so far!) javascript. I have used a mixture of books, YouTube, Google, forums. I am no kind of expert at all, but I am earlier enough in my learning curve to remember my early mistakes and misunderstandings.

I have a couple of further points to make about your code.

Re password_hash. I’m not sure wether you understand that it works as follows:

password_hash() takes a password as input and then encrypts it and outputs the encrypted password which you then store in your database. This cannot be reverse engineered to obtain the password - no-one can take this encrypted password and work out what the password is.

password_verify() then takes two arguments (“inputs” if you like) - one is this encrypted password, from your database, that was created by password_hash (usually when a user registers) (eg

$2y$12$JjbjqRYzxFO2L4.rcPdW/OcVCR1KUIDCN6DvsIUDFaR7JxKTSMh/2

) and the other is the password entered by the user when attempting to log on (eg ‘MyDogFido123’).

password_verify then passes a result of either true or false, depending on whether the encrypted password matches the plain text password.

That’s why I wondered how you are creating the password that is stored in your database table “Admin”.

My second point is that I think you may be trying to use the database password as the user login password. But no-one else has picked up on this so far so I am beginning to doubt myself a little (but only a little). Are you getting these two sets of passwords/usernames mixed up - the database username/password and the username/password of the person who is trying to login in to your site?

I hope I am explaining things OK here - others will hopefully chime in to say whether this is indeed a mistake that you are making or whether I have got this wrong.