Buenas tardes , estoy desarrollando mi sistema de registro y autenticación siguiendo un paquete de github , entonces genero correctamente la pwd,
Código PHP:
Ver original<?php
$password = $_POST["password"];
// secure hashing of passwords using bcrypt, needs PHP 5.3+
// see http://codahale.com/how-to-safely-store-a-password/
// salt for bcrypt needs to be 22 base64 characters (but just [./0-9A-Za-z]), see http://php.net/crypt
// 2y is the bcrypt algorithm selector, see http://php.net/crypt
// 12 is the workload factor (around 300ms on my Core i7 machine), see http://php.net/crypt
$hash = crypt($password, '$2y$12$' . $salt); // we can now use the generated hash as the argument to crypt(), since it too will contain $2y$12$... with a variation of the hash. No need to store the salt anymore, just the hash is enough!
if(($hash == crypt('lobezno', $hash))){ echo "OK";
}else{
echo "NO";
}
?>
Bien , pues en la sentencia SQL
Código PHP:
Ver original$email = $_POST["email"];
$password = $_POST["password"];
// Se conecta al SGBD
// Sentencia SQL: muestra todo el contenido de la tabla "books"
$sentencia = "SELECT * FROM users WHERE email = '".$email."' AND password ='"crypt($password, $hash)"'";
En la BD no guardo el salt , sólo el email y el password , alguna ayuda ?