Mysql (MariaDB) with PDO: Difference between revisions
Revision as of 17:42, 18 September 2021
Introduction
Some of my database stuff is shown.
Establishing connection to the server
Store the database password in a secure place, i.e. outside the www folder (the web server's document root). Php can still read a file there, but it is never served to clients.
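As an added example (not the wiki's own code), the connection below reads the credentials from an ini file kept outside the document root and opens the PDO link. The path /etc/myapp/db.ini and its keys (host, dbname, user, pass, ssl_ca) are assumptions for this example; the PDO constants used are the real pdo_mysql ones.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original wiki page.
// Assumed config file (outside the web root), e.g. /etc/myapp/db.ini:
//   host   = "db.example.internal"
//   dbname = "app"
//   user   = "app_user"
//   pass   = "change-me"
//   ssl_ca = "/etc/myapp/ca.pem"   ; optional: enables TLS + server cert check
function dbConnect(string $iniPath = '/etc/myapp/db.ini'): PDO
{
    $cfg = parse_ini_file($iniPath, false, INI_SCANNER_TYPED);
    if ($cfg === false) {
        throw new RuntimeException("Cannot read DB config at $iniPath");
    }

    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['dbname']);

    $options = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of failing silently
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];

    if (!empty($cfg['ssl_ca'])) {
        // Encrypt the client/server link and verify the server's certificate
        // against the given CA, so credentials never cross the network in clear.
        $options[PDO::MYSQL_ATTR_SSL_CA]                 = $cfg['ssl_ca'];
        $options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = true;
    }

    return new PDO($dsn, $cfg['user'], $cfg['pass'], $options);
}
```

The ini file should be owned by root and readable only by the web server's group (for example mode 0640, group www-data), so the password is reachable by Php but not by other local users or by a path-traversal bug in the application.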
Log a user
SSL connection. Hash and salt. Php password hashing functions and mainly password_hash with password_verify.
Php's hash function includes multiple algorithms, and the well known hash functions MD5 and SHA1 should be avoided in new applications. ... It is rather safe to assume that the SHA2 family with its most prominent members SHA-256 and SHA-512 is better than SHA1. ... It is a good idea to prefix a salt to the password before hashing, to avoid the same passwords hashing to the same values and to avoid the use of rainbow tables for password recovery.
The salt should be a random string with at least as many variable bits as there are bits in the hash result. In the user database, store the username, the randomly generated salt for that user, and the result of hashing the salt-password string. Access authentication is then done by looking up the entry for the user, calculating the hash of the salt found in the database and the password provided by the user, and comparing the result with the one stored in the database.
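The registration and login flow described above, as an added example that is not the wiki's own code: password_hash generates the random per-user salt and stores it, together with the algorithm and cost, inside the returned string, so the separate salt column and the manual "hash(salt . password)" comparison are handled by password_verify. It assumes an open $pdo connection (with PDO::ERRMODE_EXCEPTION) and a table users(id, username UNIQUE, password_hash VARCHAR(255)); both are assumptions for this example.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original wiki page.
// Assumed schema: users(id INT AUTO_INCREMENT PRIMARY KEY,
//                       username VARCHAR(64) NOT NULL UNIQUE,
//                       password_hash VARCHAR(255) NOT NULL)

function registerUser(PDO $pdo, string $username, string $password): void
{
    // password_hash() picks a random salt and embeds salt, algorithm and cost
    // in the result (e.g. "$2y$10$..."), so only this one string is stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Returns the user id on success, null on failure.
function loginUser(PDO $pdo, string $username, string $password): ?int
{
    // Prepared statement with a bound parameter: the username is never
    // interpolated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run password_verify(), even for an unknown username, so the
    // response time does not reveal which usernames exist.
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $stored = $row['password_hash'] ?? $dummyHash;

    // password_verify() reads the salt and cost out of $stored, recomputes the
    // hash of the supplied password and compares in constant time.
    $ok = password_verify($password, $stored);
    if ($row === false || !$ok) {
        return null;
    }

    // If PASSWORD_DEFAULT or its cost changed since the hash was stored,
    // upgrade the stored hash now that the plaintext is available.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }

    return (int) $row['id'];
}
```

After a successful loginUser() call, start or regenerate the session (session_regenerate_id(true)) before storing the user id in it, so a session fixated before login cannot carry the new privilege.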
https://makitweb.com/login-page-with-remember-me-using-pdo-and-php/