micky

Reputation: 317

Switching from md5 to password_hash

I have been using md5 for passwords, e.g. `$password=md5($_POST['password']);`. I have heard md5 is only partially secure. Now I want to use the password_hash function: `$password=password_hash($_POST['password'],PASSWORD_DEFAULT);`

Here is my code:

    if($submit)
    {
        $first=$_POST['first'];
        $password=password_hash($_POST['password'],PASSWORD_DEFAULT);
        $db = new mysqli("localhost", "root","","learndb");
        $sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
        $result = $db->query($sql);
        $result=mysqli_num_rows($result);

        if($result>0)
        {
            session_start();
            $_SESSION['logged_in'] = true;
            session_regenerate_id(true);
            header("Location:loginhome.php");
        }
    }

Now how should I store my password in the database? Previously, while using md5, there was an md5 in the function field. Now what?

Upvotes: 0

Views: 571

Answers (1)

Eva Lauren Kelly

Reputation: 413

Read the manual next time ;) You need to use password_hash() when storing a password (e.g. on signup or password change), and when you need to check the password (e.g. on login) then you grab the already-hashed password from the database THEN call password_verify() with the user password and the hashed password from the database like so:

    password_verify($cleartextUserPassword, $hashedPasswordFromDatabase);

If password_verify() returns true, let them in!

Upvotes: 1
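The login flow the answer describes, extended to cover rows that still hold md5 values from the old scheme, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite table standing in for the `admin` table; `check_login` and the sample users and passwords are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL `admin` table.
// In MySQL, make the password column VARCHAR(255) so future algorithms fit.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample rows: one legacy md5 row, one already using password_hash().
$seed = $db->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
$seed->execute(['olduser', md5('hunter2')]);
$seed->execute(['newuser', password_hash('s3cret', PASSWORD_DEFAULT)]);

function check_login(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only; the hash never goes in the WHERE clause,
    // because password_hash() salts and returns a different string on every call.
    $stmt = $db->prepare('SELECT password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }

    // 32 lowercase hex characters means an unsalted md5 from the old scheme.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Upgrade on successful login: replace md5 rows and hashes with outdated settings.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE admin SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

var_dump(check_login($db, 'olduser', 'hunter2')); // legacy row, correct password
var_dump(check_login($db, 'olduser', 'wrong'));   // wrong password
var_dump(check_login($db, 'newuser', 's3cret'));  // password_hash() row

// The legacy row was rewritten during the first successful login.
$row = $db->query("SELECT password FROM admin WHERE username = 'olduser'")->fetchColumn();
var_dump(password_get_info($row)['algoName']);
```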
