Using PHP 5.5’s password_hash and password_verify function

by

Ignoring the issues with your database statements for now, I’ll answer the question regarding password_hash.

In short, no, that is not how you do it. You do not want to store the salt alone, you should be storing both the hash and salt, and then using both to verify the password. password_hash returns a string containing both.

The password_hash function returns a string that contains both the hash and the salt. So:

$hashAndSalt = password_hash($password, PASSWORD_BCRYPT);
// Insert $hashAndSalt into database against user

Then to verify:

// Fetch hash+salt from database, place in $hashAndSalt variable
// and then to verify $password:
if (password_verify($password, $hashAndSalt)) {
   // Verified
}

Additionally, as the comments suggest, if you’re interested in security you may want to look at mysqli (ext/mysql is deprecated in PHP5.5), and also this article on SQL injection: http://php.net/manual/en/security.database.sql-injection.php

More Related Contents:

  1. password_hash returns different value every time
  2. Why hash_equals and password_verify are not working properly?
  3. Secure hash and salt for PHP passwords
  4. php mysqli_connect: authentication method unknown to the client [caching_sha2_password]
  5. How to retract a salted password from the Database and auth user?
  6. How to best store user information and user login and password
  7. encrypt and decrypt md5
  8. Why is password_verify returning false?
  9. How to create a laravel hashed password
  10. Hiding true database object ID in url’s
  11. a better approach than storing mysql password in plain text in config file?
  12. How to log in to phpMyAdmin with WAMP, what is the username and password?
  13. Strange problem with the length of the field gotten from database [duplicate]
  14. Improve password hashing with a random salt
  15. How to update multiple MySQL table entries with different id?
  16. Can’t insert data into mysql database using PHP [closed]
  17. How can I use PDO to fetch a results array in PHP?
  18. How to solve General error: 2006 MySQL server has gone away
  19. How to build a JSON array from mysql database
  20. How to display a date as iso 8601 format with PHP
  21. How to generate unique id in MySQL?
  22. Fatal error: Call to undefined method mysqli_stmt::fetch_array() [duplicate]
  23. PHP & Hash / Fragment Portion of URL
  24. adding 30 minutes to datetime php/mysql
  25. Create table with PHP and populate from MySQL
  26. Using utf8mb4 with php and mysql
  27. how do I get month from date in mysql
  28. Can I detect and handle MySQL Warnings with PHP?
  29. How to write a stored procedure in phpMyAdmin?
  30. mysql count into PHP variable

Leave a Comment