This is my first time using mongodb with php and I have a register and a login form . When a user registers I succesfully hash his password using password_hash() php function and insert it in a mongodb collection . However when I login and insert a password I want to check if inserted password corresponds to a hashed password in the collection using password_verify()
I cannot find the correct syntax to iterate through the collection and check if a hashed password matches with the given password when I login .
My code :
JavaScript
x
<?php require '../vendor/autoload.php';$m = new MongoDBClient("mongodb://127.0.0.1/");$db = $m ->ECommerce;$collection = $db->users;if($_POST){ $uname = $_POST['uname']; $pwd = $_POST['pwd']; //which is the second argument here ? I want to add the database password as argument $cursor = $collection->find(array('password'=> password_verify($pwd ,) )); foreach ($cursor as $doc){ echo $doc["firstName"]; } }?>Advertisement
Answer
If you like to use the password_verify() function then I guess you have to run it like this:
JavaScript
$cursor = $collection->find(array('username' => $uname ));foreach ($cursor as $doc){ if ( password_verify($pwd, $doc["password"]) ) { echo $doc["firstName"]; }}Or with a single query:
JavaScript
$cursor = $collection->find(array('username' => $uname, 'password' => password_hash($pwd) ));