Believe that many people are either MD5 () directly into the library or store the MD5 () and salt two fields. But the first kind is unsafe. The second kind of trouble. Fortunately, PHP offers a simpler solution.
Note: The following prerequisites are in the php5.5 version of the
After the php5.5, you can change one way of saving. Simple and convenient.
<?php
$pwd = "123456";
$hash = Password_hash ($pwd, Password_bcrypt);
Echo $hash;
MySQL only needs to store this hash value on the line. It is recommended that you set the database value of this field to 255
if (Password_verify ($pwd, ' hash value in database ')} {
echo "Correct password";
} else {
echo "Password Error";
}
See at this time, there may be some people say TM before I save the password is only a separate MD5 password, also did not use salt, now I want to change to you this, how to do well.
Refer to this article in StackOverflow, which may be helpful to you.
Http://stackoverflow.com/questions/18906660/converting-md5-password-hashes-to-php-5-5-password-hash
$password = $_post["password"];
TODO here to determine if the password is the correct password
And then decide to update
if (substr ($pwInDatabase, 0, 1) = = "$")
{
Password already converted, verify using password_verify
}
Else
{
User still using the old MD5, update it!
if (MD5 ($password) = = $pwInDatabase)
{
$db->STOREPW (Password_hash ($password));
}
}
This practice is not recommended because double hashes do not increase security.