So I'm in the process of learning PHP and am working on a login page. I already figured out how to register a new user using SHA256 to hash $salt+$password. I know there are slower encryption methods like bcrypt, but for learning purposes I'm just using SHA256. My question is, after using this to encrypt:
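
    function HashPassword($password) {
        // 32 random bytes from the OS CSPRNG, hex-encoded to 64 characters.
        // random_bytes() stands in for mcrypt_create_iv(); the mcrypt extension was removed in PHP 7.2.
        $salt = bin2hex(random_bytes(32));
        $hash = hash("sha256", $salt . $password);
        // Stored value: 64 hex characters of salt followed by 64 hex characters of hash.
        $final = $salt . $hash;
        return $final;
    }
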
using prepared statements, what is the best way to retrieve the hashed password from the database so I can validate it using a function like this?
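
    function ValidatePassword($password, $hash_pass) {
        // The first 64 characters are the salt, the next 64 the SHA256 hash.
        $salt = substr($hash_pass, 0, 64);
        $trueHash = substr($hash_pass, 64, 64);
        $reHash = hash("sha256", $salt . $password);
        // hash_equals() compares in constant time and avoids the type juggling
        // that == applies to strings that look numeric (for example "0e...").
        return hash_equals($trueHash, $reHash);
    }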
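
One way to do the lookup the question asks about, as an added example that is not part of the original post: the stored salt+hash string is fetched with a PDO prepared statement and passed to the validation function. The `users` table, its `username` and `password` columns, the `CheckLogin` function and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example. Table name, column names and the SQLite DSN are assumptions.

function HashPassword(string $password): string {
    $salt = bin2hex(random_bytes(32));            // 64 hex characters
    return $salt . hash('sha256', $salt . $password);
}

function ValidatePassword(string $password, string $stored): bool {
    $salt     = substr($stored, 0, 64);
    $trueHash = substr($stored, 64, 64);
    // Constant-time comparison, no type juggling.
    return hash_equals($trueHash, hash('sha256', $salt . $password));
}

function CheckLogin(PDO $db, string $username, string $password): bool {
    // The username is bound as a parameter, so it is always treated as data
    // and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();               // false when no row matches

    // Unknown user or a malformed stored value: reject without comparing.
    if (!is_string($stored) || strlen($stored) !== 128) {
        return false;
    }
    return ValidatePassword($password, $stored);
}

// Constructed sample data: one user in a throwaway in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

$ins = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => HashPassword('correct horse')]);

var_dump(CheckLogin($db, 'alice', 'correct horse'));  // right password
var_dump(CheckLogin($db, 'alice', 'wrong'));          // wrong password
var_dump(CheckLogin($db, "o'brien", 'anything'));     // no such user; the quote is harmless
```

The salt never needs its own query or column here: it travels inside the stored 128-character string, so a single `SELECT` keyed on the username is enough.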