PHP salt and hash SHA256 for login password

Question

I ve made encrypting of the password in my register script and they are stored in the database  and I have to use them to login  so I would want to use the unencrypted ones to login  I ve read some of the threads in here but nothing is helping me  How can I add it in my login php  The salt is also stored in the database   This is my register php script for encrypting   hash   hash  sha256    password1    function createSalt          text   md5 uniqid rand    TRUE        return substr  text  0  3       salt   createSalt     password   hash  sha256    salt    hash     and this is my login php with season    Create query  qry  SELECT   FROM member WHERE username   username  AND password   password     result mysql query  qry      Check whether the query was successful or not if  result        if mysql num rows  result   gt  0              Login Successful         session regenerate id             member   mysql fetch assoc  result             SESSION  SESS MEMBER ID      member  id              SESSION  SESS FIRST NAME      member  username              SESSION  SESS LAST NAME      member  password            session write close            header  location  profile php            exit              else             Login failed           error message        else       die  Query failed

User · Answer

array hash algos void   echo hash  sha384    Message to be hashed   salt      Here is a link to reference http   php net manual en function hash php

User · Answer

You can t do that because you can not know the salt at a precise time  Below  a code who works in theory  not tested for the syntaxe    lt  php  password1     POST  password     salt         hello 1m   SaLT    hashed      hash  sha256    password1    salt     gt    When you insert     qry  INSERT INTO member VALUES   username     hashed       And for retrieving user      qry  SELECT   FROM member WHERE username   username  AND password   hashed

User · Answer

According to php net the Salt option has been deprecated as of PHP 7 0 0  so you should use the salt that is generated by default and is far more simpler  Example for store the password    hashPassword   password hash  password   PASSWORD BCRYPT    Example to verify the password    passwordCorrect   password verify  password    hashPassword

User · Answer

These examples are from php net  Thanks to you  I also just learned about the new php hashing functions   Read the php documentation to find out about the possibilities and best practices  http   www php net manual en function password-hash php  Save a password hash    options          cost    gt  11        Get the password from post  passwordFromPost     POST  password      hash   password hash  passwordFromPost  PASSWORD BCRYPT   options       Now insert it  with login or whatever  into your database  use mysqli or pdo    Get the password hash      Get the password from the database and compare it to a variable  for example post   passwordFromPost     POST  password     hashedPasswordFromDB         if  password verify  passwordFromPost   hashedPasswordFromDB         echo  Password is valid      else       echo  Invalid password

User · Answer

You couldn t login because you did t get proper solt text at login time  There are two options  first is define static salt  second is if you want create dynamic salt than you have to store the salt somewhere  means in database  with associate with user  Than you concatenate  user solt password hash string now with this you fire query with username in your database table

User · Answer

I think  Flo254 chained  salt to  password1and stored them to  hashed variable   hashed variable goes inside INSERT query with  salt

[php] PHP salt and hash SHA256 for login password

Examples related to php

Examples related to mysql

Examples related to hash

Examples related to salt

Examples related to sha256