Using password_hash() how do I get the passsword in MySql

Pedroski55 · May 14, 2020, 11:48pm

I just have a homework page, no secrets. I’m trying to improve the login security anyway.

A student uses his or her student number to login. Up to now I was using MD5(). Now I would like to use this:

$password = password_hash($_POST[‘password’], PASSWORD_DEFAULT);

What is not clear to me is how I get that password in the password column of the studentsdb first? MySql has the function MD5(), so that was easy.

I read that this password_hash uses a ‘salt’. Will the ‘salt’ always be the same for a given student number?

phdr · May 15, 2020, 2:10am

The complement of password_hash() is password_verify().

Pedroski55 · May 15, 2020, 3:10am

To get the MD5() sum in MySql was easy, because MySql has MD5(), so I just took the MD5() of each student number and wrote that to the column password.

Now I am getting a hash generated by PHP password_hash()

How do I get that in the column password??

phdr · May 15, 2020, 3:26am

The password should be a secret, unpredictable value. A student number is an easy to find out, predictable value, and shouldn’t be used as the password.

You can use the student number as the identifier/username for log in purposes, but you need a second value as the password.

Pedroski55 · May 15, 2020, 4:11am

Well, I’ve got a form that will take a password entered by the user. I suspect the students will forget it 5 minutes later!

At the moment, I still think I need to write the value of password_hash() into the column password, corresponding to the student’s Chinese name or student number.

How do I get the password_hash() value in the column password??