This is my first time using mongodb with php and I have a register and a login form . When a user registers I succesfully hash his password using password_hash()
php function and insert it in a mongodb collection . However when I login and insert a password I want to check if inserted password corresponds to a hashed password in the collection using password_verify()
I cannot find the correct syntax to iterate through the collection and check if a hashed password matches with the given password when I login .
My code :
<?php require '../vendor/autoload.php'; $m = new MongoDBClient("mongodb://127.0.0.1/"); $db = $m ->ECommerce; $collection = $db->users; if($_POST){ $uname = $_POST['uname']; $pwd = $_POST['pwd']; //which is the second argument here ? I want to add the database password as argument $cursor = $collection->find(array('password'=> password_verify($pwd ,...) )); foreach ($cursor as $doc){ echo $doc["firstName"]; } } ?>
Advertisement
Answer
If you like to use the password_verify()
function then I guess you have to run it like this:
$cursor = $collection->find(array('username' => $uname )); foreach ($cursor as $doc){ if ( password_verify($pwd, $doc["password"]) ) { echo $doc["firstName"]; } }
Or with a single query:
$cursor = $collection->find(array('username' => $uname, 'password' => password_hash($pwd) ));