Getting hashed with salt password from database?

K

Kt0T02021-02-01 23:46:26

PHP

Kt0T0, 2021-02-01 23:46:26

I have a hashed password (SHA256) with a salt in the database,

how do I check them with the password entered in the login form ?

Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sergey delphinpro, 2021-02-02
@delphinpro

Educational project? Immediately learn to do more or less correctly .
when registering, we get the login and password from the form, we hash the password.

$login = $_POST['login'];
$hash = password_hash($_POST['password']);

save the pair to the database.
when logging in, we get the login and password from the form, make a request to the database

$login = $_POST['login'];
$password = $_POST['password']; // не хешируем

SELECT * FROM users WHERE login = '$login'

If the record is found in the database, then we check the password

if (password_verify($password, $hash_from_db)) {
  // пользователь аутентифицирован
} else {
  // пара логин/пароль неверная
}

M

maddimas, 2021-02-02
@maddimas

Add (concatenate) the entered password with a salt and pass it as a parameter to the hash method with the specified algorithm. Compare the result with the hash stored in the database.