“When I echo $valid the output is $2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT”
$2y$10$zzZCN7UlukvY2skb3ELVp.4y3Oc7NJTEsFyqdstqYxT the hash is only 50 in length and is invalid/too short and as I said, MySQL will fail silently; error reporting/checking would not have helped here.
The password’s column length should be 60 (255 is suggested), so it wasn’t stored correctly originally.
You will need to clear your password column/or table, increase your column’s length, and start over again.
Reference:
“Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).”
You can also modify your query to read as:
$con = new mysqli("xxx", "xxx", "xxx", "xxx");
if ($con->connect_error) {
die('Connect Error (' . $con->connect_errno . ') '
. $con->connect_error);
}
$query = "SELECT `pass` FROM `user` WHERE `email`='$emailLogin'";
$result = $con->query($query);
// error checking on the query
if (!$result) {
echo "<p>There was an error in query: $query</p>";
echo $con->error;
}
$row_hash = $result->fetch_array();
if (password_verify($passLogin, $row_hash['pass'])) {
echo "Success!";
}
Edit:
Adding from a comment I left to the OP:
Your verify function needs to have a connection made to your database, that is what I feel is happening here (variable scope). So you’ll need to either use global $con; or pass the connection (variable) to your function (which is better in most cases).
I don’t know if you’re doing an “include” for the function, and if so, then that’s what the other problem is.
I.e.: function VUP($con, $check, $valid){ or function VUP($check, $valid){ global $con; – Try both. Use $result = mysqli_query($con, $query) or die(mysqli_error($con)); instead of the one you have now.