Validating the Username and the Password with PHP
Explore how to use PHP's password_hash and password_verify functions to securely create and authenticate user accounts. Learn to manage sessions to track authenticated users and implement proper redirection after login. By the end, you will understand password hashing, user verification, and session handling for building secure login systems.
Using PHP functions for hashing and validation
PHP has two convenient functions that help you make the right decisions, security-wise.
These functions also save you the custom work of hashing and comparing passwords yourself.
To hash a password for the first time (when the user creates their account), you can use the password_hash() function.
To compare a password to a stored hash of the actual password, you can use the password_verify() function.
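The two functions working together, as an added example that is not code from the original course: a password is hashed at account creation, checked at login, and the stored hash is upgraded when PHP's defaults change. The function names createUser and verifyLogin, the in-memory $users array and the passwords are constructed for illustration; a dummy hash is checked for unknown usernames so both paths do comparable work.

```php
<?php
declare(strict_types=1);

// Constructed in-memory "user store" (username => password hash); a real
// application would keep this in a database.
$users = [];

// Hypothetical helper: called once, when the user creates their account.
function createUser(array &$users, string $username, string $password): void
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm and
    // password_hash() generates a random salt; the plaintext is never stored.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Hypothetical helper: called on every login attempt.
function verifyLogin(array &$users, string $username, string $password): bool
{
    // Hash of a throwaway value, used when the username is unknown so that
    // password_verify() still runs for that request.
    static $dummyHash = null;
    $dummyHash ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

    $known = array_key_exists($username, $users);
    $hash = $known ? $users[$username] : $dummyHash;

    // password_verify() reads the algorithm, cost and salt from the hash itself.
    if (!password_verify($password, $hash) || !$known) {
        return false;
    }

    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

createUser($users, 'matthias', 'constructed-example-passphrase');

// Correct password, wrong password, unknown username.
var_dump(verifyLogin($users, 'matthias', 'constructed-example-passphrase'));
var_dump(verifyLogin($users, 'matthias', 'wrong-password'));
var_dump(verifyLogin($users, 'nobody', 'constructed-example-passphrase'));
```

Running it twice shows a different stored hash each time for the same password, because of the random salt, which is why hashes are compared with password_verify() rather than by hashing again and testing for equality.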
Setting up a user account
Since our application has no list of known users yet, we first need to set up our first user account. We can choose any username we like. We will be using matthias. Then, we have to choose a password, but as was discussed before, we will not store it anywhere. Nobody should be able to see your password or a user’s password, not even you as a ...