07-03-2022, 12:57 PM
zijlstravideo
Quote:
Originally Posted by Publisher Bucks
Would it be best to change the encryption method at this point to something else or do you think I'll still run into the issue because of an existing coding issue?
Think you can still use it. Leave your signup form as is (where you insert the hash into your db), then on your login form:

replace: if ($_POST['password'] === $password)

with:
if (password_verify(mysqli_real_escape_string($link, $_POST['password']), $password))


You've added slashes on your signup form, see this part of your code:
$password = mysqli_real_escape_string($link, $_REQUEST['password']);
// Securing password using password_hash
$secure_pass = password_hash($password, PASSWORD_BCRYPT);
So you need to add those again during login...

Edit: k0nr4d already replied and yeah, md5 + salt would be easier.
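The mismatch described in the post above, reproduced as an added example that is not part of the original thread: a password escaped before password_hash() at signup only verifies at login if the same escaping is applied again. The helper escape_like_mysqli() is a hypothetical stand-in for mysqli_real_escape_string($link, ...) so the script runs without a database connection, and the sample passwords are constructed.

```php
<?php
// Added example, not code from the thread. escape_like_mysqli() is a
// hypothetical stand-in for mysqli_real_escape_string($link, ...) so the
// script runs without a database connection.
function escape_like_mysqli(string $s): string
{
    // Backslash-escape the characters mysqli_real_escape_string() handles
    // (NUL, \n, \r, \, ', ", Ctrl-Z), assuming a single-byte character set.
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ]);
}

// Signup as in the thread: the password is escaped first, then hashed.
function signup_hash(string $submitted): string
{
    return password_hash(escape_like_mysqli($submitted), PASSWORD_BCRYPT);
}

// Login check; $escapeFirst selects whether the input is escaped as at signup.
function login_ok(string $submitted, string $storedHash, bool $escapeFirst): bool
{
    $candidate = $escapeFirst ? escape_like_mysqli($submitted) : $submitted;
    return password_verify($candidate, $storedHash);
}

// Constructed sample passwords: one containing characters that get escaped,
// one containing none.
foreach (["it's-a-\"secret\"", 'plain-Passw0rd'] as $pw) {
    $hash = signup_hash($pw);
    printf("%-18s raw=%s escaped=%s\n", $pw,
        var_export(login_ok($pw, $hash, false), true),
        var_export(login_ok($pw, $hash, true), true));
}
```

Only passwords containing escapable characters fail the raw comparison, which is why a login bug of this kind affects some accounts and not others. Hashing the raw submitted password and passing the resulting hash to the database through a bound parameter removes the dependency on the escaping step.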