montoya49

Hey nomadsoulkarma, yes it should be longer as stated in the book: you should use a varchar(256). But the problem is the query : $q = "SELECT user_id, first_name FROM users WHERE email='$e'"; And then you use : if (password_verify($p, $row['pass'])) So it doesn't know the 'pass', that is why the login always fails. You have to add to the query : $q = "SELECT user_id, first_name, pass FROM users WHERE email='$e'";