PHP authentication: Difference between revisions
Jump to navigation
Jump to search
Created page with "== Login == * Store hash of password in database * Check password by fetching row based on username, then use password_verify (which is safe against timing attacks)" |
No edit summary |
||
| Line 3: | Line 3: | ||
* Store hash of password in database | * Store hash of password in database | ||
* Check password by fetching row based on username, then use password_verify (which is safe against timing attacks) | * Check password by fetching row based on username, then use password_verify (which is safe against timing attacks) | ||
* After a successful verification, call password_needs_rehash to see if the hash needs to be updated | |||
Revision as of 16:08, 8 April 2023
Login
- Store hash of password in database
- Check password by fetching row based on username, then use password_verify (which is safe against timing attacks)
- After a successful verification, call password_needs_rehash to see if the hash needs to be updated