So after researching this quite a bit I’d like to know if this is

Question

0

Editorial Team

Asked: June 9, 20262026-06-09T07:59:32+00:00 2026-06-09T07:59:32+00:00

So after researching this quite a bit I’d like to know if this is

0

So after researching this quite a bit I’d like to know if this is the best practices way of doing it or not.

When I send the user’s password to the DB I’m doing this:

// DB input:

$mySalt = time(); // generate random salt such as a timestamp
$password = crypt($_POST['password'], $mySalt);
// submit $password and $mySalt to DB here via PDO

And when I go to check the password at login I’m doing this:

// At login:

// retrieve the password and the salt from the DB
if(crypt($_POST['password'], $saltFromDb) === $passFromDb)
// allow login

Would this be the correct way to do that or am I missing something? Thank you for any advice.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T07:59:33+00:00

Editorial Team

2026-06-09T07:59:33+00:00Added an answer on June 9, 2026 at 7:59 am

What you need instead is to use the inbuilt salting and hashing functions supplied within crypt. Here is an example using a good hashing algorithm call blowfish (bcrypt): How do you use bcrypt for hashing passwords in PHP?

In this case the slower the algorithm the better.

When getting it from DB you would simply use crypt() to evaluate the entire string to understand if it validates as the correct password etc.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So after researching this quite a bit I’d like to know if this is

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply