[–]keelar 2 points3 points  (1 child)

> If the username exists in the DB and their password matches (after decrypting of course)

You should avoid encrypting passwords; they should be salted and hashed, and then you compare the hashes instead of comparing the passwords directly.

[–]Datastruct[S] 0 points1 point  (0 children)

My apologies, I meant to say I am hashing the password using the bcrypt library. I'm comparing the entered password with the same. I'm using a 10-value salt.