unable to use password_verify in my site.......

Yes i m using server behavior. .. I don't know how to use server side...! 

DMX Zone has modern commercial extensions to replace the deprecated SB panels in DW.

https://www.dmxzone.com/go/32980/creating-a-complete-login-system-with-dmxzone-security-provider

Or see link below for a coding tutorial:

Simple User Registration & Login Script in PHP and MySQLi | All PHP Tricks

Nancy

You should not use this code.  It's not secure & it won't work on PHP 7 servers.

I m using 5.4 php server

iamdpk  wrote I m using 5.4 php server

I think the password_hash function was only introduced in php 5.5

In addition to osgood_'s answer, please see Securely Hash Passwords with PHP — Jonathan Suh

Which version of PHP are you working with?

That's just it.  I don't think, given your current setup, that it can be "solved", at least not the way you hope.

From what I've read, so far, you can upgrade to PHP 5.5 to use the code that you have been advised to not use, or you can learn how to code and do it a proper way.  No one is trying to punish you or make your life miserable.  But advice, decent advise, has been provided.  It's up to you on where to go from here.

V/r,

^ _ ^

I have to buy dreamweaver cc for that! I m using dreamweaver cs6

I'm no fan of DW CC, believe me.  But if you are going to use CS6, then learn to code and build it manually.  I don't see any other options.

V/r,

^ _ ^

No, you don't need to buy CC to work with PHP 5.5 and up.

DWCC has no server behavior panel what-so-ever, it was removed due to the outdated/incorrect code it generated back in CS6 and earlier.

What you do need is either someone who can code to modern standards (this can be you, if you choose to learn how), or one of the paid extensions (that are also compatible with CS6) to bring your version of the program into the modern era.

If you had CC, you would still need one of those two things.

iamdpk  wrote I have to buy dreamweaver cc for that! I m using dreamweaver cs6

If you want to be able to use password_hash and password_verify then I would first see if you have access to php version 5.5+

Is this a remote server you are working with or a local server? You should really have a local server testing environment set up like MAMP or XAMPP - both those will have later versions of php and are freely available to download, so you can test your code, then it would be up to your remote host to move you onto something more advanced than php 5.4

However IF you intend to use the DW Server Behaviours, which I do not advise, you should NOT be upgrading to php version 7, as they wont work, php 5.6 still supports them...I dont think there was a php 6.00 version, it jumped to version 7.

I m working on xamp local server

And my hosting server is set on 5.4 php.(which I can change)

Once you have upgraded your php to something higher than 5.4 BUT NOT 7 change your query string to as below:

$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

GetSQLValueString($loginUsername, "text"));

$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

Then change this line of code:

if(password_verify($_POST['password_input'], $stored_password)) {

To this line of code:

if(password_verify($password, $row['pass'])) {

The below is what you new code should now look like:

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password = $_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

  GetSQLValueString($loginUsername, "text"));

   $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

if(password_verify($password, $row['pass'])){

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;       

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

not working bro...tried as u instructed, but still it sending me to u=f

Then you have something wrongly set up as the code has been tried and tested.

take a look at this code, is there something wrong in this....

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

                       GetSQLValueString($epass, "text"),

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

Have a look at what is being passed into your database from  the registration form as l dont see any username, just the password.

I guess post hh might be the username. It would serve you well to use something more descriptive than a couple of letters.

I could post a more modern approach to a registration and login solution but l somehow think that would be a waste of time as its not really coming across that you would know what to do with it.

noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u