PHP 8.1 password_verify not working - grateful for any help at all!

<?php //force https connection...
if ($_SERVER["HTTP_HOST"] != "localhost" AND $_SERVER["HTTP_HOST"] != "192.168.1.66"):
if($_SERVER["HTTPS"] != "on")
{
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit();
}
endif;
//end force https connection.
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<?php require_once('Connections/users.php'); ?>
<?php require_once('webassist/mysqli/rsobj.php'); ?>
<?php require_once('webassist/mysqli/queryobj.php'); ?>
<?php require_once('webassist/mysqli/authentication.php'); ?>
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);?>
<?php
echo $_SESSION['auth_trigger'];

if (isset($_POST["Submit"]) || isset($_POST["Submit_x"])) :

$Recordset1 = new WA_MySQLi_RS("Recordset1",$users,1);
$Recordset1->setQuery("SELECT * FROM users WHERE username = ?");
$Recordset1->bindParam("s", "".(isset($_POST['Username'])?$_POST['Username']:"") ."", "-1"); //colname
$Recordset1->execute();

$loginUsername = ($_POST['Username']);
$stored_password= $Recordset1->getColumnVal("Password");
$input_password = ((isset($_POST["Password"]))?$_POST["Password"]:"");


// if (password_needs_rehash($stored_password, PASSWORD_DEFAULT) && md5($_POST['Password']) === $stored_password):
// $_SESSION['auth_trigger'] = "passed";
// //store new password
//
// $password = password_hash($_POST['Password'], PASSWORD_DEFAULT);
//
// $update_data = "UPDATE thecfema_CfE.users SET
// Password = '$password'
// WHERE username = '$loginUsername'";
// mysqli_query($users,$update_data) or die ("Error in query: $update_data");
// $stored_password = $password;
//
// endif;



//then sign the user in…
if (password_verify($input_password, $stored_password)) :
$_SESSION['auth_trigger'] = "passed";
else :
$_SESSION['auth_trigger'] = "failed";
endif;

error_log('auth_trigger: '.$_SESSION['auth_trigger']);
error_log('$_POST["Username"]: '.$_POST["Username"]);
error_log('$_POST["Password"]: '.$_POST["Password"]);
error_log('$input_password: '.$input_password);
error_log('$stored_password: '.$stored_password);
error_log('$Recordset1->getColumnVal("Password"): '.$Recordset1->getColumnVal("Password"));



if (isset($_SESSION['auth_trigger']) && ($_SESSION['auth_trigger'] == "passed")) :

//original code from webassist...
$Authenticate = new WA_MySQLi_Auth($users);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "Login";
$Authenticate->Table = "users";
$Authenticate->addFilter("username", "=", "s", "".((isset($_POST["Username"]))?$_POST["Username"]:"") ."");
$Authenticate->addFilter("Password", "=", "s", "".$stored_password."");
$Authenticate->storeResult("username", "MM_Username");
$Authenticate->AutoReturn = false;
$SuccessRedirect = "menu.php";
$FailedRedirect = "index.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();


endif;




endif;




?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Login</title>


<?php !include($_SERVER['DOCUMENT_ROOT'].'/PageLibraries.php')?>


</head>

<body style="margin:0 auto;">
<?php @include('navbar_main.php'); ?>
<br>

<div class="container">

<div class="container-fluid">

<br><br><br><br><br><br><br><br>

<form method="POST" name="getlogin" id="getlogin">

<div class="row">


<div class="col-sm-4">
<div class="input-group input-group-lg"><span class="input-group-addon">Username</span>
<input name="Username" type="text" class="form-control" id="Username" placeholder="username">
</div>
<br>
</div>



<div class="col-sm-4">
<div class="input-group input-group-lg"><span class="input-group-addon">Password</span>
<input name="Password" type="password" class="form-control" id="Password" placeholder="password">
</div>
<br>
</div>

<div class="col-sm-4">
<button type="submit" name="Submit" class="btn btn-success btn-lg">Sign In</button>
</div>

</div>


<br>


</form>








<br>
<p>XX</p>
<br><br>
<div style="width:50%; margin:0 auto;">


<br>


</div>
</div>
</div>
<?php //@include('footer.php'); ?>
</body>
</html>









error_log outputs:

[09-Nov-2022 14:54:38 UTC] auth_trigger: failed
[09-Nov-2022 14:54:38 UTC] $_POST["Username"]: demo
[09-Nov-2022 14:54:38 UTC] $_POST["Password"]: demo
[09-Nov-2022 14:54:38 UTC] $input_password: demo
[09-Nov-2022 14:54:38 UTC] $stored_password: $2y$10$zSS9Bzq2eJ&#x2F;e1W.kXSkKb.fUUjjv0tPRbRAUp0Abp.fM&#x2F;rHNUtimC
[09-Nov-2022 14:54:38 UTC] $Recordset1->getColumnVal("Password"): $2y$10$zSS9Bzq2eJ&#x2F;e1W.kXSkKb.fUUjjv0tPRbRAUp0Abp.fM&#x2F;rHNUtimC

Added strlen functions to error_log as follows:

error_log(strlen($stored_password));
error_log(strlen($Recordset1->getColumnVal("Password")));

Both string lengths are reported to be 70 but should be 60.

Haven't found any problems yet with character encoding in the tables/columns but am I going in the right direction now?

The password recordset was returning HTML special characters. The following addition fixed it...

$stored_password= html_entity_decode($stored_password, ENT_QUOTES | ENT_HTML5, 'UTF-8');

Looks to be working fine now. Posting this to help others in the future, and possibly myself when I forget this workaround!

This would automatically remove any encoding:
$stored_password= $Recordset1->getColumnVal("Password",false);

Thanks Ray, a far more elegant solution!

Can I just say I really appreciate your MySQLi Server Behaviours and your support on these forums - excellent product and excellent support. Long time listener, first time caller situation!

Donation on the way!

Regards
Chris

Thanks Chris. I appreciate the feedback and I'm glad to help.