php - How to verify hashed password when a user logs in -
can please tell me how suppose verify hashed password when logging in?
here registration code:
$db_password = password_hash($password, password_default); // enter info database. $info2 = htmlspecialchars($info); $sql = mysql_query("insert users (first_name, last_name, email_address, username, password, signup_date) values('$first_name', '$last_name', '$email_address', '$username', '$db_password', now())") or die (mysql_error());
this check user code run @ login . .
$hash = password_hash($password, password_default); // check if user info validates db $sql = mysql_query("select * users username='$username' , password='$hash' , activated='1'"); $login_check = mysql_num_rows($sql);
i can not figure out.
your verification wrong...you hashing password on again, result in brand-new salt...thus different hash value. when passwords hashed (correctly), use salt (random string) sufficiently long prevent rainbow attack. password_hash
doing of behind scenes you.
however, means have make sure use same salt in order verify password storing along hash. in case of code using, it's doing part , salt prefix of result of password_hash
.
when user logs in, need do:
if( password_verify($loginpasswordtext, $hashstoredindb) ) { //success }
Comments
Post a Comment