In an attempt to implement a membership site with salted passwords stored in MySQL, you may encounter issues with member login page accepting any input. This article addresses the problem, providing a solution based on the concept of password salting and hashing.
To enhance security, passwords are often salted and hashed before being stored in the database. Salting involves adding a random string to the password, while hashing converts the result into a secure one-way value. This process prevents an attacker from directly retrieving the actual password even if they gain access to the database.
To retrieve the salted password, you need to:
Once the hashed value is obtained, you can verify it against the hashed password stored in the database:
$sqlQuery = "SELECT * FROM users WHERE name = '$name' AND password = '$hashedPW'";
if (mysqli_query($connect, $sqlQuery)){
echo '<h1>Welcome to the member site '.$name.'</h1>';
}else{
echo 'error adding the query: '.$sql_q.'<br> Reason: '.mysqli_error($connect);
}In this code, if the hashed values match, the login is successful. Otherwise, an error is displayed.
Another approach for password verification is using the password_hash() and password_verify() functions:
$hashFromDb = ...; // retrieve the stored password hash $isPasswordCorrect = password_verify($_POST['password'], $hashFromDb);
These functions automatically handle the salting and hashing process, simplifying password verification.
The above is the detailed content of How Do I Retrieve a Salted Password from the Database for User Authentication?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
