PHP Password Hashing
Last Updated on Mar 22, 2023
Introduction
Do you remember how Facebook stored millions of users’ passwords in plain text?
Don’t be like Facebook!
Storing and managing passwords is very important. And in PHP it’s very easy.
Password Hash
The first step is hashing the password before storing it in the database, and we can do that with password_hash.
password_hash(password, algorithm, options)
It takes 3 arguments:
- Password
- Flag for algorithm
- Extra options
So let’s use it.
$password = '1234569'; // a password is a string, so quote it
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;
// Example output (differs on every run because a random salt is generated):
// $2y$10$bXwHuVwJsxrcZ6aKh9mAFO0mW0LySI2caHySsYMeWMfi0g3Y8LUoW
It’s a one-way hash. You cannot turn the hashed password back into the original password.
Password Verify
Then how can we verify if the user is typing the correct password?
Again, very easy. We can do that with password_verify.
password_verify(password, hash)
It takes 2 arguments:
- The password that the user is typing
- The hash of the original password that we saved
It returns true if the password matches the hash and false if it does not.
$password = '1234569'; // a password is a string, so quote it
$hash = password_hash($password, PASSWORD_DEFAULT);
if(password_verify($password,$hash)){
echo 'password is correct';
}else{
echo 'password is wrong';
}
// password is correct
And for a wrong password:
$password = '1234569';
$hash = password_hash($password, PASSWORD_DEFAULT);
// Verify a different string against the stored hash
if(password_verify('9266984161',$hash)){
echo 'password is correct';
}else{
echo 'password is wrong';
}
// password is wrong
See how easy it is to hash passwords? Never store any password without hashing it first.
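The options argument and the upgrade path for stored hashes are not shown above, so here is an added example (not code from the original post) that registers a user with an explicit bcrypt cost, verifies at login, and uses password_needs_rehash to re-hash when the target cost has been raised. The $users array, the register and login helpers, and the cost values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory store standing in for a users table (assumption).
$users = [];

// Hypothetical helper: hash at registration, passing 'cost' through the options argument.
function register(array &$users, string $name, string $password, int $cost): void
{
    // 'cost' is the bcrypt work factor; each +1 doubles the hashing time.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Hypothetical helper: verify at login and upgrade weaker stored hashes.
function login(array &$users, string $name, string $password, int $targetCost): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false; // unknown user or wrong password
    }
    // The plaintext is only available here, so this is the moment to re-hash
    // if the stored hash was created with a lower cost than we now require.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => $targetCost])) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $targetCost]);
    }
    return true;
}

// Constructed sample data: an account created under an older, lower cost.
register($users, 'alice', 'correct horse battery staple', 10);

// A wrong password is rejected and the stored hash is left untouched.
var_dump(login($users, 'alice', 'wrong guess', 12));
var_dump(password_get_info($users['alice'])['options']['cost']);

// A correct password is accepted and the hash is upgraded to the target cost.
var_dump(login($users, 'alice', 'correct horse battery staple', 12));
var_dump(password_get_info($users['alice'])['options']['cost']);
```

Note that bcrypt only uses the first 72 bytes of the password, so longer inputs are truncated.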
Conclusion
Now you know about hashing and verifying passwords in PHP.
I recommend that you open a PHP file and try to hash and verify passwords. The security of your application is very important.
If you have any suggestions, questions, or opinions, please contact me. I’m looking forward to hearing from you!
Key takeaways
- password hash in PHP
- password verify in PHP
- security