This tutorial shows you how to hash passwords in PHP 5.5 with the password hashing API. A large number of web developers still use old and less secure algorithms such as MD5 and SHA1, but those passwords are plain strings. The new hashing API uses bcrypt (a key derivation function for passwords). In this article we are going to explore PHP's new hashing API.
How to Hash Passwords in PHP 5.5 with the Password Hashing API
password_hash() – used to hash the password.
password_verify() – used to verify a password against its hash.
- $password = "phpgang";
- $hash = password_hash($password, PASSWORD_DEFAULT);
Hash generated from above code is:
In this function the first parameter is your password and the second parameter specifies the algorithm used to hash the password.
PASSWORD_DEFAULT – is the bcrypt algorithm (default as of PHP 5.5.0).
If you are using PASSWORD_DEFAULT in your projects, it is recommended that the column storing the hash be larger than 60 characters; defining the column as 255 characters would be good.
Most important, you don't have to provide a salt (a salt is extra data appended or prepended to the password before hashing): this API automatically generates a random salt. If you want to supply your own salt, there is an option to pass it in the third parameter.
- $options = [
-     'salt' => function_for_salt(), // write your own code to generate a salt (option deprecated in PHP 7.0, ignored since PHP 8.0)
-     'cost' => 11 // allows you to change the CPU cost of the algorithm
- ];
- echo password_hash($password, PASSWORD_DEFAULT, $options);
We have generated a hashed password with the new API; now it is time to verify passwords with password_verify(). This function takes the plain password and the hashed password that we saved in the database.
- $password = "phpgang";
- // Single quotes: inside double quotes PHP would try to expand $vdd as a variable.
- $hash = '$2y$10$vdd/HDckxSzFdOMLZ4Rhh.M3MQeOsPCwcsvAFW3MJWMKdxdv63.';
- if (password_verify($password, $hash)) {
-     // Password valid!!
- } else {
-     // Invalid password.
- }
This way you can verify your passwords and make your website's passwords strong with the latest API. If you are not using PHP 5.5, there is a library available [ here ] that you can use to create passwords with the latest hashing.
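An added example (not part of the original tutorial): a login check that pairs password_verify() with password_needs_rehash(), which belongs to the same PHP 5.5 API, so stored hashes are upgraded when the cost is raised or when an account still holds a legacy MD5 digest. This goes beyond the functions shown above; the $users array, check_login() and TARGET_COST are hypothetical names, the sample accounts are constructed, and hash_equals() requires PHP 5.6 or later.

```php
<?php
// Added example. $users stands in for a database table (constructed sample data).
const TARGET_COST = 11; // assumed target bcrypt cost, matching the options example

$users = [
    // Account created with the new API at a lower cost.
    'alice' => password_hash('phpgang', PASSWORD_DEFAULT, ['cost' => 10]),
    // Legacy account that still stores an unsalted MD5 hex digest.
    'bob'   => md5('phpgang'),
];

/**
 * Verify a login and upgrade the stored hash when it is outdated.
 * Returns true on success; $users is updated in place.
 */
function check_login(array &$users, $name, $password)
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored  = $users[$name];
    $options = ['cost' => TARGET_COST];

    // password_get_info() reports algoName 'unknown' for hashes the API did not create.
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        // Legacy MD5 path: constant-time comparison of the hex digests.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }
    // Re-hash now, while the plain password is available: true for a legacy
    // digest and for a bcrypt hash whose cost differs from TARGET_COST.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return true;
}

var_dump(check_login($users, 'alice', 'phpgang')); // correct password, hash upgraded
var_dump(check_login($users, 'bob', 'phpgang'));   // legacy digest accepted, then replaced
var_dump(check_login($users, 'bob', 'wrong'));     // wrong password against the new hash
var_dump(password_get_info($users['bob']));        // algorithm and cost now stored for bob
```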
I hope you like this tutorial; feel free to comment with your views.