I have some problem understanding how to use php 5.5.0+ password_hash and password_verify to protect pages access.
Let me explain what I did. 1) When I create a new user for my webapp, I store username and hashed password in a users table. To hash the password before to store it in the db, I use
$hashedp = password_hash($password, PASSWORD_DEFAULT);
2) On page login I can take the password submitted by the user in the form and 'compare' it with that stored in the database for the same user in this way
$password = the password submitted by the user
$user_hashedp = the hashed password taken from the db
if (password_verify($password, $user_hashedp)) {
// login the user
} else {
// show error
}
3) What I don't understand is how I can check and protect access to other pages, after the user has logged in. Imagine You have another page page1.php that you want to show only if the user is logged correctly. How can I build this check?
kind regards, Matt