php phpass

Not getting PHPASS


I am trying to offer the best password safety I can for my program. After some research, all roads seem to end at PHPASS as my best option. I'm doing some experimental trials to understand what I'm doing. It's not going well lol.

As far as I can see, PHPASS adds a random salt to the password and then hashes it so it can then be stored in the DB. The user is now registered! This works fine for me.

It's this part I don't understand: when the user logs in, I retrieve the hash from the DB and compare it to the hash that has been made from the password that the user has entered in the login, but this time the new hash is different because it has been made from a different salt? And therefore it doesn't match the one stored in the DB.

Somewhere I am being stupid and am missing something obvious that everyone else does get. Please help me as I seem to be retarded!


Solution

  • Yes, this is a good library to use. If you have PHP 5.5+ though, there is no need, as similar functionality is built in.

    Use $hasher->CheckPassword($pass, $hash) to check the password, rather than rehashing it. This way it ensures it uses the same salt (the salt is stored at the start of the hash, as is the hash algorithm).
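The behaviour described in the answer, shown with the PHP 5.5+ built-ins `password_hash()` and `password_verify()` as an added example (not code from the original post or from PHPass). The helper `bcrypt_fields()` and the sample password are constructed for illustration; `hash_equals()` needs PHP 5.6+.

```php
<?php
// Split a bcrypt string "$2y$<cost>$<22-char salt><31-char digest>" into its
// fields, to show that the salt travels inside the stored value.
// Hypothetical helper, written for this example only.
function bcrypt_fields($hash)
{
    $re = '#^\$(2[abxy])\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        return null; // not a bcrypt hash
    }
    return array(
        'variant' => $m[1],
        'cost'    => (int) $m[2],
        'salt'    => $m[3],
        'digest'  => $m[4],
    );
}

$password = 'correct horse battery staple'; // constructed sample input

// Registration: hash once and store the whole string in the DB.
$stored = password_hash($password, PASSWORD_BCRYPT);

// The mistake from the question: hashing again at login draws a new random
// salt, so the second string differs from the stored one.
$rehash = password_hash($password, PASSWORD_BCRYPT);

$a = bcrypt_fields($stored);
$b = bcrypt_fields($rehash);
echo "stored salt : {$a['salt']}\n";
echo "rehash salt : {$b['salt']}\n";
echo "strings equal after rehash: ";
var_dump($stored === $rehash);

// What a verify function does: recompute with the algorithm, cost and salt
// read from the stored string, then compare in constant time.
$recomputed = crypt($password, $stored);
echo "recomputed with stored parameters matches: ";
var_dump(hash_equals($stored, $recomputed));

// In application code, call the verify function instead of doing this by hand.
echo "password_verify, right password: ";
var_dump(password_verify($password, $stored));
echo "password_verify, wrong password: ";
var_dump(password_verify('wrong guess', $stored));
```

Only the single stored string needs a database column; no separate salt column is required.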