SO.
I want to use BCrypt for my user authentication form. I can register a user using the code
<?php
$salt = '$2a$07$R.gJb2U2N.FmZ4hPp1y2CN$';
crypt("secretpassword", $salt);
?>
Here, instead of using a constant salt, I want to generate random salts using
// Posted Code from http://pastebin.com/wLxDEhD7.
$Allowed_Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;
$salt = "";
for ($i = 0; $i < 45; $i++) {
    $salt .= $Allowed_Chars[mt_rand(0, $Chars_Len)];
}
and store it in the database. Up to this point I am clear (I hope :D). Next, what I need is to check the password when the user logs in. For that I need the user's input data and the salt used for that user.
crypt("secretpassword", $salt);
I can get the user input, but how will I know the salt that has been used? I am not clear on this.
The code has been copied from phpmaster.com and http://pastebin.com/wLxDEhD7 (from a question asked on SO; I am unable to find the question again). This is being used purely for educational purposes.
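On the salt question raised above, as an added example that is not part of the original post: crypt() embeds the algorithm prefix, cost and salt in the string it returns, so the stored hash itself supplies the salt at login. The `$2y$` prefix, the cost of 10 and the helper names are assumptions of this example.

```php
<?php
// Added example, not the poster's code. Requires PHP 7+ (random_bytes, hash_equals).

// Build a bcrypt salt: 16 random bytes from the CSPRNG, encoded to the
// 22 characters of [./A-Za-z0-9] that crypt() expects after the cost.
function make_bcrypt_salt(int $cost = 10): string      // cost 10 is an assumed value
{
    $raw = base64_encode(random_bytes(16));            // 24 chars, ends in "=="
    $salt22 = substr(strtr($raw, '+', '.'), 0, 22);    // map '+' into bcrypt's alphabet
    return sprintf('$2y$%02d$%s', $cost, $salt22);
}

// Registration: the 60-character result is the only value stored per user.
function register_hash(string $password): string
{
    $hash = crypt($password, make_bcrypt_salt());
    if (strlen($hash) !== 60) {                        // crypt() signals failure with a short string
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Login: pass the stored hash as the "salt". crypt() reads the prefix,
// cost and salt from it and ignores the trailing 31 digest characters.
function check_login(string $input, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($input, $storedHash));
}

$stored = register_hash('secretpassword');             // sample password taken from the question

// Layout of the stored value: prefix and cost | 22-char salt | 31-char digest
printf("stored : %s\n", $stored);
printf("prefix : %s\n", substr($stored, 0, 7));
printf("salt   : %s\n", substr($stored, 7, 22));
printf("digest : %s\n", substr($stored, 29));

var_dump(check_login('secretpassword', $stored));      // correct password
var_dump(check_login('wrongpassword', $stored));       // wrong password

// The built-in API generates the salt itself and stores it the same way.
$builtin = password_hash('secretpassword', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_verify('secretpassword', $builtin));
var_dump(password_verify('secretpassword', $stored));  // also accepts crypt() output
```

No separate salt column is needed in the database; a single column wide enough for the 60-character bcrypt string is sufficient.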