This is my first time using mongodb with php and I have a register and a login form . When a user registers I succesfully hash his password using password_hash() php function and insert it in a mongodb collection . However when I login and insert a password I want to check if inserted password corresponds to a hashed password in the collection using password_verify()
I cannot find the correct syntax to iterate through the collection and check if a hashed password matches with the given password when I login .
My code :
<?php
require '../vendor/autoload.php';
$m = new MongoDBClient("mongodb://127.0.0.1/");
$db = $m ->ECommerce;
$collection = $db->users;
if($_POST){
$uname = $_POST['uname'];
$pwd = $_POST['pwd'];
//which is the second argument here ? I want to add the database password as argument
$cursor = $collection->find(array('password'=> password_verify($pwd ,...) ));
foreach ($cursor as $doc){
echo $doc["firstName"];
}
}
?>
Advertisement
Answer
If you like to use the password_verify() function then I guess you have to run it like this:
$cursor = $collection->find(array('username' => $uname ));
foreach ($cursor as $doc){
if ( password_verify($pwd, $doc["password"]) ) {
echo $doc["firstName"];
}
}
Or with a single query:
$cursor = $collection->find(array('username' => $uname, 'password' => password_hash($pwd) ));