PHP Password Hashing

Introduction

Do you remember how facebook stored millions of user’s passwords in plain text?

Don’t be like facebook!

Storing and managing passwords is very important. And in PHP it’s very easy.

Password Hash

The first step is hashing the password before storing it in database and we can do  that with Password_hash

Password_hash(password,algorithm,options)

It takes 3 arguments

• Password
• Flag for algorithm
• Extra options

So let’s use it.

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
echo $hash;
// $2y$10$bXwHuVwJsxrcZ6aKh9mAFO0mW0LySI2caHySsYMeWMfi0g3Y8LUoW

It’s a one way hash. You cannot change the hashed password back to the original password.

Password Verify

Then how can we verify if the user is typing the correct password?

Again, very easy. We can do that with password_verify

password_verify(password,hash)

It takes 2 arguments

• Password that the user is typing 
• Hash is the hash of the original password that we saved

Returns true if matched and false if didn’t match

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
if(password_verify($password,$hash)){
   echo 'password is correct';
}else{
   echo 'password is wrong';
}
// password is correct

And for wrong password:

$password = 1234569;
$hash = password_hash($password, PASSWORD_DEFAULT);
if(password_verify(9266984161,$hash)){
   echo 'password is correct';
}else{
   echo 'password is wrong';
}
// password is wrong

See how easy it is to hash the passwords? Never store any password without hashing them first.

Conclusion

Now you know about hashing and verifying passwords in PHP.

I recommend you to open a PHP files and try to hash and verify passwords. security of your application is very important.

If you have any suggestions, questions, or opinions, please contact me. I’m looking forward to hearing from you!

Key takeaways

• password hash in PHP
• password verify in PHP
• security