Hashing a password with Blowfish, then checking if the entered password matches.
<?php | |
/**
 * Hashing the password at registration time
 */
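// Hash the registration password and keep the result: the hash, never the
// plaintext, is what gets stored in the database (however you choose to do so).
// Validate the field before this point (present, a string, meets your length
// policy); bcrypt only uses the first 72 bytes of the password.
$password_hash = blow_hash($_POST['password']);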
/**
 * Hash a plaintext password with bcrypt (the Blowfish-based algorithm
 * selected by PASSWORD_BCRYPT).
 *
 * password_hash() generates a random salt and embeds it, together with the
 * cost, in the returned 60-character string, so no separate salt column is
 * needed. bcrypt only considers the first 72 bytes of $password.
 *
 * @param string $password Plaintext password from the registration form.
 * @return string The hash to store (PHP versions before 8 may return false on failure).
 */
function blow_hash($password) {
    $hashed = password_hash($password, PASSWORD_BCRYPT);

    return $hashed;
}
/**
 * Checking that the entered password matches what is in the database at login
 */
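// Take the password from the login form. Anything that is not a string (a
// missing field, or an array sent as password[]=...) becomes '', which will
// not match the hash of any non-empty password, so the login is refused
// instead of password_verify() being handed a non-string.
$entered_password = (isset($_POST['password']) && is_string($_POST['password']))
    ? $_POST['password']
    : '';

// Look the user up by username first (query not shown here), then read the
// stored hash. If no user is found there is no password to read: treat that
// as a failed login and report it with the same generic error as a wrong
// password.
$right_password = $user->password;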
/**
 * Check a login attempt against the hash stored for the user.
 *
 * password_verify() reads the algorithm, cost and salt out of the stored
 * hash and performs the comparison itself; do not re-hash the entered
 * password and compare the two strings with == or ===.
 *
 * @param string $entered_password Plaintext password from the login form.
 * @param string $right_password   Hash previously produced by password_hash().
 * @return bool True when the password matches the hash, false otherwise.
 */
function verify_pass($entered_password, $right_password) {
    return password_verify($entered_password, $right_password);
}
// Allow the user to log in if the password is a match, or give errors if it is not.
if (!verify_pass($entered_password, $right_password)) {
    // Return invalid-login errors. Keep the message generic so it does not
    // reveal whether the username or the password was the part that failed.
} else {
    // Set the logged-in session variable and send the user on to the
    // logged-in landing page. Call session_regenerate_id(true) here so a
    // session id issued before login is not carried into the authenticated
    // session.
}