Using password_hash and password_verify [duplicate]

by

On signup you get the password from the user input and generate its has using password_hash():

$hash = password_hash($_POST['password'], PASSWORD_BCRYPT);

You can provide it a custom salt to use, in a third parameter, but the documentation recommends to not do this:

Caution It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one.

You save this hash in the database. Make sure you put it in a CHAR/VARCHAR field of 60 characters or longer.

When the user wants to log in you check the password they input against the hash previously saved using password_verify():

$auth = password_verify($_POST['password'], $hash);

Of course, you get the correct value of $hash from the database, searching by the provided username.

If $auth is TRUE then the provided password matches its hash computed on the registration and the user is authenticated.

More Related Contents:

  1. Perform logic operations on boolean array values
  2. save user images in MYSQL database by which method? [closed]
  3. Scraping data from National weather services
  4. PHP – Get bool to echo false when false
  5. Keeping session alive with Curl and PHP
  6. Insert string at specified position
  7. Copy Image from Remote Server Over HTTP
  8. Php multiple delimiters in explode [duplicate]
  9. How to debug PDO database queries?
  10. PHP: merge two arrays while keeping keys instead of reindexing?
  11. How to make number_format() not to round numbers up
  12. How to count days between two dates in PHP?
  13. Change PHP version used by Composer on Windows
  14. Using PHP substr() and strip_tags() while retaining formatting and without breaking HTML
  15. PHP mutual exclusion (mutex)
  16. Reordering checkout fields in WooCommerce 3
  17. Do SQL connections opened with PDO in PHP have to be closed
  18. How to switch from POST to GET in PHP CURL
  19. Function inside a function.?
  20. Can’t install PHPUnit via PEAR, requires PEAR Installer >= 1.9.2, can’t upgrade PEAR from 1.9.0
  21. how to find number of mondays or tuesdays between two dates?
  22. Chunk and transpose a flat array into rows with a specific number of columns
  23. PHP date – get name of the months in local language
  24. Running a Zend Framework action from command line
  25. php SimpleXML attributes are missing
  26. Deny ajax file access using htaccess
  27. Setting POST variable without using form
  28. how to get user’s screen resolution with PHP [duplicate]
  29. how do I get month from date in mysql
  30. How to import XML string in a php DOMDocument

Leave a Comment