Home/ Questions/Q 713523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T04:58:15+00:00

For a login system in php would this be a suitable outline of how

  • 0

For a login system in php would this be a suitable outline of how it would work:

users types in username and password, clicks login button.

  1. Checks if user exists in database,
  2. if it does, then retrieve the salt
    for that user
  3. hash the password and
    salt (would this be done on the
    client or server side? I think
    client side would be better, but php
    is server side so how would you do
    this?)
  4. check value against value in
    database,
  5. if the values match then
    user has typed in correct password
    and they are logged in.
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Checks if user exists in database, if it does then retrieve the salt for that user hash the password and salt

    No. This means you are hitting your database twice.

    hash the password and salt (would this be done on the client or server side? I think client side would be better

    No. The point of hashing the password is so that if someone compromises your database, they can’t (easily) find out what they need to send to your system (or other systems) to log in as that user.

    If you hash the password before sending it to the server, then the attacker can bypass the JS and send the prehashed password read from the database to your system.

    1. User submits username and password
    2. Password is hashed with the standard salt for the system
    3. SELECT some,cols FROM your_users WHERE username=? and password=?
    4. Count the number of rows returned from the database.
    • 0