Norse

Reputation: 5757

How do you verify a password with PHP/MySQL using BCRYPT

I don't understand how this works

$hash = $bcrypt->hash($_POST['password']); //this string is stored in mysql

Then when a user logs in,

//get hash string from above from mysql, then

if ($bcrypt->verify($_POST['password'], $row['password'])) {
   echo "Logged in.";
}

A.) Am I doing this correctly?

B.) If so, how does bcrypt remember the salt if it's not stored in the database?

Upvotes: 1

Views: 981

Answers (1)

Andrew Leap

Reputation: 956

The salt is prepended to the hash, and so the function pulls the salt out of the hash from the database. This is why you have to pass the hash from the database to the verification function, instead of just rehashing the password and comparing them.

And yeah, it does look like you are doing it correctly.

Upvotes: 1
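
As an added example (not part of the original answer or of any project's code), the script below uses PHP's built-in password_hash(), crypt() and password_verify() in place of the question's $bcrypt object, whose class is not shown, to show where the salt sits inside the stored string. The helper names bcrypt_parts and verify_by_hand and the sample password are made up for illustration.

```php
<?php
// Added example: split a stored bcrypt string into its fields and verify against it.

/** Parse "$2y$<cost>$<22-char salt><31-char digest>" into its parts. */
function bcrypt_parts(string $stored): array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $stored, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash string');
    }
    return [
        'version' => $m[1],
        'cost'    => (int) $m[2],
        'salt'    => $m[3],   // stored in the clear, right next to the digest
        'digest'  => $m[4],
    ];
}

/** What a verify call does: re-hash the candidate with the salt and cost read from $stored. */
function verify_by_hand(string $candidate, string $stored): bool
{
    // crypt() takes its settings (version, cost, salt) from the prefix of $stored.
    // hash_equals() compares the two strings in constant time.
    return hash_equals($stored, crypt($candidate, $stored));
}

$password = 'correct horse battery staple';            // constructed sample input
$stored   = password_hash($password, PASSWORD_BCRYPT); // the single string saved in MySQL

print_r(bcrypt_parts($stored));

// The column must hold the whole string; a truncated value loses part of the digest.
echo 'stored length: ', strlen($stored), PHP_EOL;

echo 'right password, by hand:  ', var_export(verify_by_hand($password, $stored), true), PHP_EOL;
echo 'wrong password, by hand:  ', var_export(verify_by_hand('wrong guess', $stored), true), PHP_EOL;
echo 'right password, built-in: ', var_export(password_verify($password, $stored), true), PHP_EOL;

// Hashing the same password again picks a fresh random salt, so the two strings
// differ. That is why "re-hash and compare the strings" cannot work.
$again = password_hash($password, PASSWORD_BCRYPT);
echo 'second hash equals first: ', var_export($again === $stored, true), PHP_EOL;
```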
