Skip to content
Advertisement

php mongodb validate form password

This is my first time using mongodb with php and I have a register and a login form . When a user registers I succesfully hash his password using password_hash() php function and insert it in a mongodb collection . However when I login and insert a password I want to check if inserted password corresponds to a hashed password in the collection using password_verify()

I cannot find the correct syntax to iterate through the collection and check if a hashed password matches with the given password when I login .

My code :

<?php

 
require '../vendor/autoload.php';

$m = new MongoDBClient("mongodb://127.0.0.1/");
$db = $m ->ECommerce;

$collection = $db->users;


if($_POST){

  $uname = $_POST['uname'];
  $pwd = $_POST['pwd'];

  //which  is the second argument here ? I want to add the database password as argument 
  $cursor = $collection->find(array('password'=> password_verify($pwd ,...) ));

  foreach ($cursor as $doc){
      echo $doc["firstName"];
  }
  

}

?>

Advertisement

Answer

If you like to use the password_verify() function then I guess you have to run it like this:

$cursor = $collection->find(array('username' => $uname ));
foreach ($cursor as $doc){
   if ( password_verify($pwd, $doc["password"]) ) {
     echo $doc["firstName"];
   }
}

Or with a single query:

$cursor = $collection->find(array('username' => $uname, 'password' => password_hash($pwd) ));
User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement