password_verify doesn't verify hash

Question

I hash my inserted passwords via password_hash. I verify them by using password_verify.

However when I insert a hashed password in my database and I try to verify it

Answer 1

You rehashed the password - just pass the plaintext password and your hash (from db) to password_verify and it works.

Answer 2

The function password_verify(); takes two parameters; a non-hashed input, and a stored hash to compare it to. It hashes the non-hashed input automatically to compared it to the stored version. So your initial code was re-hashing an already hashed password. Should look like this:

$verify=password_verify($_POST['passwrd'],$row[2]);

if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}