Hashing password using crypt does not work on the login it displays incorrect pass

时光取名叫无心 2020-12-12 01:31

I have a register page that allows a user to enter a password, so I need to hash it to make it more secure in the database. This works fine,

but when it comes to the login t

2 answers
  •  执念已碎
    2020-12-12 01:31

    Upon registration you create a unique salt. That salt is now part of the hash. If you look closely, you'll see it's embedded in the first part of the hash. To check the password, use the previous hashed password's salt, so you're using the same salt again.

    $correctPasswordHash = getPasswordFromDatabase($_POST['username']);
    $hash = crypt($_POST['password'], $correctPasswordHash);
    
    if ($correctPasswordHash === $hash) ...
    

    To make this easier and more foolproof, use the password_compat library, which wraps this in an easy-to-use API, which will also be integrated into a future version of PHP. Inspect its source code for the correct usage of crypt, since there are some pitfalls you need to take care of. The password_compat library is also using a custom binary comparison instead of a simple === to thwart timing attacks.
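
The register-then-login flow the answer describes, as an added example that is not part of the original answer or of password_compat. It assumes PHP 5.6 or newer (for hash_equals and password_hash); the usernames, passwords and in-memory $db array are constructed stand-ins for a real user table.

```php
<?php
// Added example, not from the original answer. $db stands in for the users table.
declare(strict_types=1);

// Registration: create a fresh random salt and hash the password with it.
// crypt() returns "$2y$10$" + 22 salt chars + 31 hash chars, so the salt is
// embedded in the stored string and nothing else needs to be saved.
function registerUser(array &$db, string $username, string $password): void
{
    // bcrypt salt: 22 characters from the ./A-Za-z0-9 alphabet.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $db[$username] = crypt($password, '$2y$10$' . $salt);
}

// Login: pass the stored hash itself as the "salt" argument. crypt() reads the
// algorithm, cost and salt from its prefix and re-hashes the candidate
// password with exactly those parameters, so the outputs match only if the
// password matches.
function checkLogin(array $db, string $username, string $password): bool
{
    if (!isset($db[$username])) {
        return false;
    }
    $stored = $db[$username];
    $recomputed = crypt($password, $stored);   // "*0" on a malformed $stored
    // hash_equals() is a constant-time comparison, serving the same purpose as
    // password_compat's byte loop: a plain === can leak through timing how
    // many leading bytes matched.
    return hash_equals($stored, $recomputed);
}

// Same flow with the API password_compat polyfills (built into PHP 5.5+):
// password_hash() picks the algorithm and generates the salt itself.
function registerUserModern(array &$db, string $username, string $password): void
{
    $db[$username] = password_hash($password, PASSWORD_BCRYPT);
}

function checkLoginModern(array $db, string $username, string $password): bool
{
    return isset($db[$username]) && password_verify($password, $db[$username]);
}

$users = [];
registerUser($users, 'alice', 'correct horse battery staple');
registerUserModern($users, 'bob', 'hunter2');
foreach ([['alice', 'correct horse battery staple'], ['alice', 'wrong'],
          ['bob', 'hunter2'], ['bob', 'wrong'], ['carol', 'anything']] as [$u, $p]) {
    $ok = ($u === 'bob') ? checkLoginModern($users, $u, $p) : checkLogin($users, $u, $p);
    printf("%-6s %-30s %s\n", $u, $p, $ok ? 'accepted' : 'rejected');
}
```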
