password_verify() function always return false issue [closed]

this is my login.inc.php file where the login happens

$sql = 'SELECT * FROM users_back WHERE uidUsers =? OR emailUsers = ?';
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$username,$pass]);
        $resut = $stmt->fetch(PDO::FETCH_ASSOC);
        if($row = $resut){
                $passcheck = password_verify($pass,$row['pwdUsers']);
                
                if($passcheck == false){
                  header("location:../index.php?error=wrongpass");
                    exit();
                }
                else if($passcheck == true){
                    session_start();
                    $_SESSION['userId'] = $row['idUsers'];
                    $_SESSION['userUId'] = $row['uidUsers'];
                    header("location:../index.php?login=success".$_SESSION['userId']);
                    exit();


                }

and this is my reset-password.inc.php file which is supposed to change the password if the user forgot his password

$tokenEmail = $row['pwdResetEmail'];
            $sql = 'SELECT * FROM users_back WHERE emailUsers = ?';
            $stmt = $pdo->prepare($sql);
            $stmt->execute([$tokenEmail]);
            $result = $stmt->fetch(PDO::FETCH_ASSOC);
            if(!$row = $result){
                echo 'there was an error!';
                    exit();
            }else{
               $sql = 'UPDATE users_back SET pwdUsers=? WHERE emailUsers=?';
                $hashedpass = password_hash($pass,PASSWORD_DEFAULT);
                $stmt = $pdo->prepare($sql);
               $stmt->execute([$hashedpass,$tokenEmail]); 
        }
                

if I create a new user from the sign-up page, the password_verify() function returns the correct value but the problem is when I changed the password from the reset-password.inc.php page, the password_verify() function always returns false even the password is true. *notice: -My database column which has a password value is LONGTEXT so it’s allowed to has the full hashed password. -I used tokens to reset the password.

Answer

I think, you have logic error in first script, in line $stmt->execute([$username,$pass]);. Because you have emailUsers = $pass in sql, its not right.

Please try $stmt->execute([$username,$username]);