Hallo,
komischerweise ist jedes Passwort valide obwohl es eigentlich Invalide ist. Was mache ich falsch?
PHP
<?php
$connection = new PDO('mysql:host=localhost;dbname=asasas', 'asasasas', 'asasasas');
if (isset($_GET["username"]) && !empty($_GET["password"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;
} else {
echo 'Einfach mal nö';
}
$stmt = $connection->prepare("SELECT * from users WHERE `username` = :username AND password = :password");
$stmt->bindValue(":username", $username);
$stmt->bindValue(":password", $hash);
$stmt->execute();
if (password_verify($password, $hash)) {
echo '1';
}
else {
echo '0';
}
?>