How to compare user input with db password when using PHP's sha256 hash method?

Say I set a new users password like this:

$salt = random_string(40) // some method that spits out a random
                          // 40 alpha-numeric character string

$passwor开发者_JS百科d = hash('sha256', $_POST['password'] . $salt);

How do I then compare the users input to his hashed db password when he wants to log in?

---

At login time,

1. Fetch the password hash and the salt you stored in the database at registration time (using the account name, or email-address)
2. Hash the provided password with the same method and the same salt
3. Compare the hash you get with the hash you stored. If they are the same, the password matches.

The key here is to store the salt.

---

having stored the salt, you apply the same algorithm to what the user posts and compare the results with the stored password.