Thanks Ray but that doesn't work. I've added several users to the test database with the same password and they are all stored differently in the database, this makes me think a different salt is being used every time, so this would return false as the password hashes would be different. Looking at the interweb there is a process for checking the hashed password against the form input using password_verify().
That would entail pulling the password from the db using the username and storing it in a string and then comparing it to the input password e.g.
$storedpassword = "some value from database";
$inputpassword = ((isset($_POST["password"]))?$_POST["password"]:"") ;
if (password_verify($inputpassword, $storedpassword) {
code if valid
} else {
code if not valid
}
I've tried to integrate this into the $authenticate function from webassist, but I keep on breaking it. Any help would be appreciated.
Thanks.
