Home >Database >Mysql Tutorial >How to Securely Verify Salted Passwords in a Member Site?

How to Securely Verify Salted Passwords in a Member Site?

Barbara Streisand
Barbara StreisandOriginal
2024-12-04 09:18:12859browse

How to Securely Verify Salted Passwords in a Member Site?

How to Verify Salted Passwords in Your Member Site

Embedding security measures into user authentication is crucial for protecting sensitive information. Salting passwords enhances encryption and prevents unauthorized access. This article discusses the process of verifying salted passwords against a database and ensuring user authorization.

Verifying Salted Passwords

To verify a salted password, we follow these steps:

  1. Retrieve the Salt: Execute a query to retrieve the salt associated with the user's name.
  2. Combine Password and Salt: Concatenate the user's entered password and the retrieved salt.
  3. Hash the Concatenated String: Use a hashing function, such as SHA-256, to generate a hash value for the concatenated string.
  4. Compare Hashes: Check if the hashed value from step 3 matches the hashed password stored in the database. If they match, the password is valid.

Sample Code for Salted Password Verification:

$servername = 'localhost';
$username = 'root';
$pwd = '';
$dbname = 'lp001';

$connect = new mysqli($servername, $username, $pwd, $dbname);

if ($connect->connect_error) {
    die('Connection failed: ' . $connect->connect_error);
}

$name = mysqli_real_escape_string($connect, $_POST['name']);
$password = mysqli_real_escape_string($connect, $_POST['password']);

$saltQuery = "SELECT salt FROM users WHERE name = '$name';";
$saltResult = mysqli_query($connect, $saltQuery);

if ($saltResult === false) {
    die(mysqli_error($connect));
}

$row = mysqli_fetch_assoc($saltResult);
$salt = $row['salt'];

$saltedPW = $password . $salt;
$hashedPW = hash('sha256', $saltedPW);

$sqlQuery = "SELECT * FROM users WHERE name = '$name' AND password = '$hashedPW';";
$sqlResult = mysqli_query($connect, $sqlQuery);

if (mysqli_query($connect, $sqlQuery)) {
    echo '<h1>Welcome to the member site ' . $name . '</h1>';
} else {
    echo 'Error adding the query: ' . $sqlQuery . '<br> Reason: ' . mysqli_error($connect);
}

By incorporating these steps and sample code into your member site, you can effectively verify salted passwords and ensure user authorization securely and efficiently.

The above is the detailed content of How to Securely Verify Salted Passwords in a Member Site?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn