The authorization issue,what to do?

Hello,I have a problem and I can't get to her since Monday.
There is a database(if you need it screens I will throw off),the user registration passes normally through the new password_hash and all data are stored in the users table in the database.But it is necessary to enter the registration code below that mysqli_num_rows is always output zero,only when adding to the query
count(*) starts something move,but then the password will always be right.
The question is,what do I do wrong in the code with the login?

Here is the code signin.php
<?php
session_start();
require_once 'connect.php';
global $connect;

$login = $_POST['login'];
$password = $_POST['password'];
$heshik = password_hash($password, PASSWORD_DEFAULT);
$VerifyPass = password_verify($password, $heshik);


$check_user = mysqli_query($connect, "SELECT * FROM users WHERE login = '$login' AND password = '$password'");

echo mysqli_num_rows($check_user);

echo mysqli_error($connect); 

if (mysqli_num_rows($check_user) > 0){

 $user = mysqli_fetch_assoc($check_user); 

 $_SESSION['user'] = [
 "id" => $user['id'],
 "login" => $user['login'],
 "avatar" => $user['avatar'],
 "email" => $user['email']
];

}else{
 echo 'hui';
}
?>

Here is the code signup.php
<?php
session_start();

require_once 'connect.php';

$login = $_POST['login'];
$password = $_POST['password'];
$password_2 = $_POST['password_2'];
$email = $_POST['email'];

if ($password === $password_2){


 $path = 'http://localhost/EGCDMsite/uploads/' . time() . $_FILES['avatar']['name'];
 if (!move_uploaded_file($_FILES['avatar']['tmp_name'], $path)){
 $_SESSION['message'] = 'Error loading images';
 header('Location: http://localhost/EGCDMsite/php/EGCDMreg.php');
}

 $password = password_hash($password, PASSWORD_DEFAULT);

 mysqli_query($connect, "INSERT INTO 'users' ('id', 'login', 'password', 'email', 'avatar') VALUES (NULL, '$login', '$password', '$email', '$path') ");

 $_SESSION['message'] = 'Registration was successful!';
 header('Location: http://localhost/HelloPage.html');
}
else {
 $_SESSION['message'] = 'the Passwords do not match!';
 header('Location: http://localhost/EGCDMsite/php/EGCDMreg.php'); 
}
?>
April 3rd 20 at 18:40
4 answers
April 3rd 20 at 18:42
Solution
$heshik = password_hash($password, PASSWORD_DEFAULT);
$VerifyPass = password_verify($password, $heshik);

Brilliant code.
Long ago I such frills are not seen.

On the topic.
April 3rd 20 at 18:44
Solution
password_hash always returns a different hash, so you need to check using password_verify.

password_hash - yuzaem only during registration and password change
password_verify - only authorization

I.e. get login record from DB and using password_verify compare the hash database with the specified password
Ie I just need to get the username and password_verify down below Yes?I'll check - rowena.Fries commented on April 3rd 20 at 18:47
@rowena.Fries, you need to login to get at least the hash in the database and the hash to verify using password_verify with the password that was specified during login - gretchen.Cronin commented on April 3rd 20 at 18:50
April 3rd 20 at 18:46
Solution
Well, you kind of cheshires password and password_verify doing, but do it on the input data from POST request, and then knock into the database, create the SQL-inj and looking for not the password hash, but because they came from POST. You first have to get the password hash from the database by login, then test it using password_verify.
April 3rd 20 at 18:48
Solution
What kind of nonsense you have in your code?
You calculate the hash from the entered password and then check the password for this hash. Of course, that there will be any password.
Then you are trying to find a user with the specified username and password. But recorded you in the base password and the hash of the password. Naturally, in a database, nothing there.

You need to obtain from the database the hash of the user with the specified username and to compare the specified password with this hash.
I did on the principle of md5 so such nonsense again,I'm just a beginner and asked Council to have less such silly mistakes in the code not to do - rowena.Fries commented on April 3rd 20 at 18:51

Find more questions by tags PHPSQLHTML