1

I don't understand how this works

$hash = $bcrypt->hash($_POST['password']); //this string is stored in mysql

Then when a user logs in,

//get hash string from above from mysql, then

if ($bcrypt->verify($_POST['password'], $row['password'])) {
   echo "Logged in.";
}

A.) Am I doing this correctly?

B.) If so, how does bcrypt remember the salt if it's not stored in the database?

Improve this question

1 Answer 1

Reset to default
1

The salt is prepended to the hash, and so the the function pulls the salt out of the hash from the database. This is why you have to pass the hash from the database to the verification function, instead of just rehashing the password and comparing them.

And yeah, it does look like you are doing it correctly.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.