Hash Passwords With Php 5.5

Hash Passwords With PHP 5.5

Every PHP developer would have to build an application that relies on a user login.

It means that the user of the website having a Username and Password which is stored in the database so they can login into your website.

Therefore it's important that passwords stored in the database should be hashed before. A password hash is a one way encryption of a string, so you won't be able to decrypt this to find out what the password is.

You should never store a password in the database without hashing it first, if a third party gets access to your database they will be able to get hold of all the password's or your users.

It is important that you protect your users by hashing the passwords.

Hashed is similar to encryption in the sense that it turns your password into a long string of letters and numbers to keep it hidden. However, unlike encryption, hashing is a one way street: If you have the hash, you can't run the algorithm backwards to get the original password. This means a hacker would have to obtain the hashes and then try a number of different password combinations to see which ones worked.

However, there is a downside to this method. While a hacker can't decode a hash back to the original password, they can try many different passwords until one matches the hash they have. Computers can do this very fast, and with the help of something called rainbow tables—which is essentially a list of trillions of different hashes and their matching passwords—they can just look up the hash to see if it's already been discovered. Try typinge38ad214943daad1d64c102faec29de4afe9da3d into Google. You'll quickly find that it's the SHA-1 hash for "password1". For more information on how rainbow tables work, check out this article by coding guru Jeff Atwood on the subject.

Ways Of Hashing Passwords

A while ago it was common to find people hashing passwords by using these functions.

But these functions are not recommended to use when you are hashing passwords...

This is because of the way these functions work, you can easily create a script to use brute force on this function to return a string that matches another md5() string.

These functions are fine to use for other hashing but it is not recommended for passwords.

Instead of using these function you should be using crypt() or the hash() function, the complexity of these functions means that they are slower to run than the other md5()and sha1() functions. This means that the output from a brute force attack will take much longer to run than using the md5() function.

Another benefit of using the crypt() function is that you can pass a second parameter of a salt. A salt is an encrypted string that is added to the password during hashing, it is a way of adding additional data to the string which will make the hash harder to crack.

Password Hashing Using PHP version 5.5

In PHP version 5.5 password hashing functions were introduced into the core giving you access to use 4 functions to use when hashing passwords and verifying a password.

  • password_get_info — Returns information about the given hash
  • password_hash — Creates a password hash
  • password_needs_rehash — Checks if the given hash matches the given options
  • password_verify — Verifies that a password matches a hash

The two important functions to understand are the password_hash() and thepassword_verify().

Password_hash Function

The password_hash function will create the hashed password from a string, It takes 3 parameters, the first is the string to hash, second is the algorithm you want to use to hash the password and the third are additional options like salt to pass into the function.

$options = [

'cost' => 11,

'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM), 


$hashed_password = password_hash( $string, PASSWORD_DEFAULT, $options );

The default hashing algorithm password_hash uses is currently bcrypt, note that this could change in the future as newer encryption algorithms are added into PHP.

The third parameter allows you to add a salt to the password, if one is not provided then PHP will generate a random salt to use for each password generated. It is actually recommended to not generate a salt for this function but allow PHP to generate the salt for you.

Password Hash

Password_verify Function

This function is used to make sure that the string password and the string hashed password match and will return a boolean TRUE if the passwords match.

$matched = password_verify( $password, $hashed_password );

Using just these two function you can now easily create a user login section which generates secure passwords you can store in the database and match when the user logins in.

Password Verify





original spurce: www.paulund.co.uk

by Janeth Kent Date: 28-08-2013 php hash password script libraries coding developers programming web development hits : 8910  
Janeth Kent

Janeth Kent

Licenciada en Bellas Artes y programadora por pasión. Cuando tengo un rato retoco fotos, edito vídeos y diseño cosas. El resto del tiempo escribo en MA-NO WEB DESIGN END DEVELOPMENT.


Related Posts

Understanding LCP, CLS, FID. All about Core Web Vitals in Google Search Console

A few months ago we talked about certain Google metrics that were displayed in Search Console. The reason for writing another post on this topic is that Google has changed…

Validating HTML forms using BULMA and vanilla JavaScript

Today we are going to write about contact forms and how to validate them using JavaScript. The contact form seems to be one of the top features of every basic home…

The State of PHP 8: new features and changes

PHP 8.0 has been released last November 26: let's discover together the main innovations that the new version introduces in this language. PHP is one of the most popular programming languages…

A FULFILLED PROMISE - Using the FETCH API to make AJAX calls

In this article we talked about what AJAX calls are and how to use them in a traditional way, by using the XMLHttpRequest (XHR) object. In short, thanks to AJAX…

How to use Parallax.js effect on your website

Today, we're going to write about the parallax effect, similar to parallax scrolling, and how to implement it to improve your landing page. In webdev, they say mobile first -…

Django vs. Laravel: Market Share Comparison

There are two leading frameworks in the web development segment: Django and Laravel. In this article, we prepared a Django and Laravel comparison focusing on their market share so that…

How to make the website's dark mode persistent with Local Storage, CSS and JS

Recently we wrote about how to do a switchable alternative color mode or theme, a very useful and popular feature to websites. Today’s article is going to be about how…

Dark Web: the creepy side of the Internet is not as dark as believed

People who surf the Dark Web are not necessarily looking for something illegal. Most people want to protect their privacy. And according to a recent study, 93 percent only use…

Cross cultural challenges in web design, an overview

The user experience design of a product essentially lies between the intentions of the product and the characteristics of your user. - David Kadavy - The task of building a culturally appropriate…

A Java approach: While loop

Hello everyone and welcome back! After having made a short, but full-bodied, introduction about cycles, today we are finally going to see the first implementations that use what we have called…

Website Traffic Getting Low? 4 Immediate Action to Take

If you have created a website, I am sure your end objective is to create a strong brand presence, boost engagement, and multiply revenue. An interesting statistic showed that there were…

The easiest way to align items using flexbox

With the release of flexbox in CSS, it has become an essential tool when placing elements next to each other, since, by default, the children of a display: flexare stacked…

We use our own and third-party cookies to improve our services, compile statistical information and analyze your browsing habits. This allows us to personalize the content we offer and to show you advertisements related to your preferences. By clicking "Accept all" you agree to the storage of cookies on your device to improve website navigation, analyse traffic and assist our marketing activities. You can also select "System Cookies Only" to accept only the cookies required for the website to function, or you can select the cookies you wish to activate by clicking on "settings".

Accept All Only sistem cookies Configuration