PHP 8.1 password_verify not working - grateful for any help at all!
<?php //force https connection...
if ($_SERVER["HTTP_HOST"] != "localhost" AND $_SERVER["HTTP_HOST"] != "192.168.1.66"):
if($_SERVER["HTTPS"] != "on")
{
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit();
}
endif;
//end force https connection.
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<?php require_once('Connections/users.php'); ?>
<?php require_once('webassist/mysqli/rsobj.php'); ?>
<?php require_once('webassist/mysqli/queryobj.php'); ?>
<?php require_once('webassist/mysqli/authentication.php'); ?>
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);?>
<?php
echo $_SESSION['auth_trigger'];
if (isset($_POST["Submit"]) || isset($_POST["Submit_x"])) :
$Recordset1 = new WA_MySQLi_RS("Recordset1",$users,1);
$Recordset1->setQuery("SELECT * FROM users WHERE username = ?");
$Recordset1->bindParam("s", "".(isset($_POST['Username'])?$_POST['Username']:"") ."", "-1"); //colname
$Recordset1->execute();
$loginUsername = ($_POST['Username']);
$stored_password= $Recordset1->getColumnVal("Password");
$input_password = ((isset($_POST["Password"]))?$_POST["Password"]:"");
// if (password_needs_rehash($stored_password, PASSWORD_DEFAULT) && md5($_POST['Password']) === $stored_password):
// $_SESSION['auth_trigger'] = "passed";
// //store new password
//
// $password = password_hash($_POST['Password'], PASSWORD_DEFAULT);
//
// $update_data = "UPDATE thecfema_CfE.users SET
// Password = '$password'
// WHERE username = '$loginUsername'";
// mysqli_query($users,$update_data) or die ("Error in query: $update_data");
// $stored_password = $password;
//
// endif;
//then sign the user in…
if (password_verify($input_password, $stored_password)) :
$_SESSION['auth_trigger'] = "passed";
else :
$_SESSION['auth_trigger'] = "failed";
endif;
error_log('auth_trigger: '.$_SESSION['auth_trigger']);
error_log('$_POST["Username"]: '.$_POST["Username"]);
error_log('$_POST["Password"]: '.$_POST["Password"]);
error_log('$input_password: '.$input_password);
error_log('$stored_password: '.$stored_password);
error_log('$Recordset1->getColumnVal("Password"): '.$Recordset1->getColumnVal("Password"));
if (isset($_SESSION['auth_trigger']) && ($_SESSION['auth_trigger'] == "passed")) :
//original code from webassist...
$Authenticate = new WA_MySQLi_Auth($users);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "Login";
$Authenticate->Table = "users";
$Authenticate->addFilter("username", "=", "s", "".((isset($_POST["Username"]))?$_POST["Username"]:"") ."");
$Authenticate->addFilter("Password", "=", "s", "".$stored_password."");
$Authenticate->storeResult("username", "MM_Username");
$Authenticate->AutoReturn = false;
$SuccessRedirect = "menu.php";
$FailedRedirect = "index.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
endif;
endif;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Login</title>
<?php !include($_SERVER['DOCUMENT_ROOT'].'/PageLibraries.php')?>
</head>
<body style="margin:0 auto;">
<?php @include('navbar_main.php'); ?>
<br>
<div class="container">
<div class="container-fluid">
<br><br><br><br><br><br><br><br>
<form method="POST" name="getlogin" id="getlogin">
<div class="row">
<div class="col-sm-4">
<div class="input-group input-group-lg"><span class="input-group-addon">Username</span>
<input name="Username" type="text" class="form-control" id="Username" placeholder="username">
</div>
<br>
</div>
<div class="col-sm-4">
<div class="input-group input-group-lg"><span class="input-group-addon">Password</span>
<input name="Password" type="password" class="form-control" id="Password" placeholder="password">
</div>
<br>
</div>
<div class="col-sm-4">
<button type="submit" name="Submit" class="btn btn-success btn-lg">Sign In</button>
</div>
</div>
<br>
</form>
<br>
<p>XX</p>
<br><br>
<div style="width:50%; margin:0 auto;">
<br>
</div>
</div>
</div>
<?php //@include('footer.php'); ?>
</body>
</html>
error_log outputs:
[09-Nov-2022 14:54:38 UTC] auth_trigger: failed
[09-Nov-2022 14:54:38 UTC] $_POST["Username"]: demo
[09-Nov-2022 14:54:38 UTC] $_POST["Password"]: demo
[09-Nov-2022 14:54:38 UTC] $input_password: demo
[09-Nov-2022 14:54:38 UTC] $stored_password: $2y$10$zSS9Bzq2eJ/e1W.kXSkKb.fUUjjv0tPRbRAUp0Abp.fM/rHNUtimC
[09-Nov-2022 14:54:38 UTC] $Recordset1->getColumnVal("Password"): $2y$10$zSS9Bzq2eJ/e1W.kXSkKb.fUUjjv0tPRbRAUp0Abp.fM/rHNUtimC