Im currently trying to update my insecure login system. However cannot figure out how to incorporate an if (password_verify.. command.
Any help would be most appreciated.
//Create query
$qry="SELECT * FROM user WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
//IF Login Successful
session_regenerate_id();
$user = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID'] = $user['user_id'];
$_SESSION['SESS_FIRST_NAME'] = $user['username'];
$_SESSION['SESS_LAST_NAME'] = $user['password'];
session_write_close();
header("location: home.php");
exit();
}else {
//IF Login failed
$errmsg_arr[] = 'user name and password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
}