Home >Database >Mysql Tutorial >How to Securely Verify Salted Passwords in a Member Site?
Embedding security measures into user authentication is crucial for protecting sensitive information. Salting passwords enhances encryption and prevents unauthorized access. This article discusses the process of verifying salted passwords against a database and ensuring user authorization.
Verifying Salted Passwords
To verify a salted password, we follow these steps:
Sample Code for Salted Password Verification:
$servername = 'localhost'; $username = 'root'; $pwd = ''; $dbname = 'lp001'; $connect = new mysqli($servername, $username, $pwd, $dbname); if ($connect->connect_error) { die('Connection failed: ' . $connect->connect_error); } $name = mysqli_real_escape_string($connect, $_POST['name']); $password = mysqli_real_escape_string($connect, $_POST['password']); $saltQuery = "SELECT salt FROM users WHERE name = '$name';"; $saltResult = mysqli_query($connect, $saltQuery); if ($saltResult === false) { die(mysqli_error($connect)); } $row = mysqli_fetch_assoc($saltResult); $salt = $row['salt']; $saltedPW = $password . $salt; $hashedPW = hash('sha256', $saltedPW); $sqlQuery = "SELECT * FROM users WHERE name = '$name' AND password = '$hashedPW';"; $sqlResult = mysqli_query($connect, $sqlQuery); if (mysqli_query($connect, $sqlQuery)) { echo '<h1>Welcome to the member site ' . $name . '</h1>'; } else { echo 'Error adding the query: ' . $sqlQuery . '<br> Reason: ' . mysqli_error($connect); }
By incorporating these steps and sample code into your member site, you can effectively verify salted passwords and ensure user authorization securely and efficiently.
The above is the detailed content of How to Securely Verify Salted Passwords in a Member Site?. For more information, please follow other related articles on the PHP Chinese website!