PHP login part is not working using password_verify()

Question

I'm currently doing a project for my assignment. I have a problem with my login part. Apparently, it says the following:

Login error username does not exist.

When I did this for customer login & registration, it logged in perfectly. When I tried logging in for the admin side, it went wrong even though the data is already in the mysql database.

I don't know which part of the code is wrong. (I just recently started learning PHP). Please do point out. Thank you.

register_a_action.php

<?php
session_start();
include("include/config.php");
?>
<!DOCTYPE html>
<html>
<head>
<title>mylokalFood</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="css/w3.css">
<link rel="stylesheet" type="text/css" href="css/mystyle.css">
<!-- Load font and icon library -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>

<body>
<!-- Header -->
<header>
<?php
include("include/userNav.php");
?>  
</header>   
<!-- Navigation Menu -->
<nav class="topnav">
<?php
include("include/topNav.php");
?>
</nav>
<!-- Page content row -->
<div class="row">
<?php
//include("include/sideNav.php");
?>

<?php
//========================================================================
function validateInput($data, $fieldName) {
    global $errorCount;
    if (empty($data)) {
        displayRequired($fieldName);
        ++$errorCount;
        $retval = "";
    } else { // Only clean up the input if it isn't empty
        
        //email validation      
        if($fieldName == "Guest Email"){
            if (!filter_var($data, FILTER_VALIDATE_EMAIL)){
                    $errorCount++;
                    echo("$data is not a valid email address <br />");
            }
        }
        
        /*//password validation - length at least 8
        if($fieldName == "Password"){
            echo "Password is $data, Length =" . strlen($data) . " <br />";
        }*/
    
        $retval = trim($data);
        $retval = stripslashes($retval);
    }
    return($retval);
}

function displayRequired($fieldName) {
     echo "The field \"$fieldName\" is required.<br />\n";
}

//============================================================================
//Step 1: Input validation
$errorCount = 0;
$admin_name = validateInput($_POST['adminName'], "Name"); 
$admin_email = validateInput($_POST['adminEmail'], "Email"); 
$admin_pwd = validateInput($_POST['adminPwd'], "Password");
$admin_type = validateInput($_POST['adminType'], "Type");

if ($errorCount>0) {
     echo "Please use the \"Back\" button to re-enter the 
          data.<br />\n";         
}
else {
    //validation ok
    //echo "<p>Thank you for filling out the registration form, <b>".$cust_name."</b>. <br /></br></p>";
    
//STEP 2: Check if user already exist
    $sql = "SELECT * FROM admin WHERE admin_email='$admin_email' AND admin_pwd='$admin_pwd' LIMIT 1";   
    $result = mysqli_query($conn, $sql);
    
    if (mysqli_num_rows($result) == 1) {
        echo "<p ><b>Error:</b> Admin Exist, cannot register</p>";      
    } else {
        // User does not exist, insert new user record, hash the password       
        $pwdHash = trim(password_hash($_POST['custPwd'], PASSWORD_DEFAULT)); 
        //echo $pwdHash;
        $sql = "INSERT INTO admin (admin_type, admin_name, admin_email, admin_pwd, pwdHash)
        VALUES ('" . $admin_type . "','" . $admin_name. "','" . $admin_email . "', '" . $admin_pwd . "','$pwdHash')";
        
        if (mysqli_query($conn, $sql)) {
            echo "<p>New admin record created successfully. Welcome <b>".$admin_name."</b></p>";            
        } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($conn);
        }   
    }
}
mysqli_close($conn);
?>
<p><a href="login.php">Please login to continue</a></p>
</body>
</html>

login_a_action.php

<?php
session_start();
include("include/config.php");
?>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway">
<link rel="stylesheet" type="text/css" href="mystyle.css">
</head>
<body>
<h2>Login Information</h2>
<?php
//login values from login form
$username = $_POST['adminEmail']; 
$password = $_POST['adminPwd'];

$sql = "SELECT * FROM admin WHERE admin_email='$username' LIMIT 1";
$result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) == 1) {    
    //check password hash
    $row = mysqli_fetch_assoc($result);
    if (password_verify($_POST['adminPwd'],$row['pwdHash'])) {
        //echo 'Pwd Verified'; // password_verify success!
        echo "Login success. <br> Thank you for filling out the login form, <b>".$username."</b>.<br /><br />";
        $_SESSION["UID"] = $row["admin_id"];//the first record set, bind to userID  
        $_SESSION["userName"] = $row["admin_name"];
        header("location:index.php"); 
    } else {
    echo 'Login error, username or password is incorrect.';
    echo $row['pwdHash'];
    
    }
        
} else {
        echo "Login error, username does not exist.";
} 

mysqli_close($conn);
?>
</body>
</html>

Answer 1

while inserting a record into admin table you hashed the $_POST['custPwd'] and inserted as a 'pwdHash' column in admin. So in login_a_actions.php file your password_verify($_POST['adminPwd'],$row['pwdHash']) this gives that error. Solution is might be you have to change this line $pwdHash = trim(password_hash($_POST['custPwd'], PASSWORD_DEFAULT)); to this => $pwdHash = trim(password_hash($_POST['adminPwd'], PASSWORD_DEFAULT));