Understanding Websecurity.Login in PHP

Actually I am using SQL database to develop a php website and in the database I have encrypted password the old developer was using ASP.net to build the existing website and I notice he using Websecurity.login(username, password, remember); in his asp coding so the question is in php how should I encrypt password before checking in the database ? because for example the password is 123456 and in the database it’s stored something like:

APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==

I tried hash in php:

$password = '123456';  echo $hashed_password = password_hash($password, PASSWORD_DEFAULT); 

but the output is not matched with the password I have in SQL database I mean with: APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==

Any idea how should I encrypt password into order to make it same like in database so I can make login using php.

Add Comment
1 Answer(s)

You can be sure, that if you use php password_hash function, the output will not always be the same. Just reload the site a couple of times and you will see, that the generated password via password_hash will change most likely every time.

Head to the doc: https://www.php.net/manual/en/function.password-hash.php

The stored password looks like some Base64 to me – but i am just assuming.

In order to check the password later, you use password_verify -> https://www.php.net/manual/en/function.password-verify.php

The password_verify requires the users input – the password, as well as the encrypted password in the database. Please keep in mind: They will not be the exactly same, if you look on the encrypted strings!

A normal procedure would be:

  • The user creates an account with a user / password combination
  • You store the user and the password_hash in the database
  • When the user tries to login, you select the user by the entered username
  • You check via password_verify if the return value of that function is true, by bypassing the original entered password in the login, as well as the stored database password.
Answered on August 30, 2020.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.