I would use password_hash() if you running on php 5.5 or greater
When you send the password to the database simply hash it with the function
$password = password_hash(filter_input(INPUT_POST, "password"));
The when you pull the password back out of the database do the same thing to the password they submitted.
$passwordFromDb = $result['password']; //Password from the database
$passwordFromLoginForm = password_hash(filter_input(INPUT_POST, "password");
//Then when youve got the password to check it agaisnt there input
if($passwordFromDb === $passwordFromForm){
//The password they entered was the same as the password in the database
} else {
//The password was wrong
}
I have not tested this code so there may be errors but hopefully youll get the point 🙂
PS dont use MD5 please, Very insecure
If you must use md5
$password = md5(filter_input(INPUT_POST, "password"));//Store password
$passwordFromDb = $result['password']; //Password from the database
$passwordFromLoginForm = md5(filter_input(INPUT_POST, "password");
//Then when youve got the password to check it agaisnt there input
if($passwordFromDb === $passwordFromForm){
//The password they entered was the same as the password in the database
} else {
//The password was wrong
}
2
solved how to retrieve MD5 password