Store passwords securely in PHP to prevent password hacking
November 10, 2016 Comments 0 80 Views

Store passwords securely in PHP to prevent password hacking

While creating an application using PHP there are maximum chances that you have login for which you have to store user data which also contain passwords for login. We will show you, how you can store password securely in PHP.

Methods to store passwords securely.

There are many method to secure the password in PHP by encrypting passwords with functions like crypt(), md5(), password_hash() etc. This methods basically encrypt your password with inbuilt algorithm which make it not readeable for humans. So no one knows what is a password by looking into the encrypted password string.

Hashing a Password with password_hash() function.

password_hash function create password with hashing algorithm. It works with PHP 5.5+ versions and have strong one-way hashing algorithm. It is also compatible with crypt() function so hashes created by the function crypt() can also be used with password_hash() function.

It support 2 algorithm which are PASSWORD_DEFAULT and PASSWORD_BCRYPT.

PASSWORD_DEFAULT – Default algo is presently BCRYPT only and will produce a 60 character of string in result. But as this is default and can be change overtime so you need to have good space in database to store it. Keeping your password field in database with 255 characters will help to take care increased string encryption in future.

PASSWORD_BCRYPT – Using the PASSWORD_BCRYPT as the algo, will result in password parameter being truncated to a maximum length of 72 characters.

To create password from hash is simple. Below is the code which will convert your password into hash.

In above code we pass the password which we want to hash and got the hash encrypted string which is secure and can be store in database. So any one having access to database will only see the hash string and not a actual password.

Validate and Check the hash password.

We will validate the password from the stored one in hash format and the new one entered by user. We will keep thing simple and easy to understand. Below is the code where password_verify do all the task and we just need to pass the stored hash string and new string. password_verify() function returns Boolean i.e true & false which says password is matched or not.

In the above example the password will match because we have provided a same password as stored earlier in hash format. You can also use password_verify() function for the hash created with crypt() function.

Always store passwords by encrypting them with a secure method. Above example are tested in PHP 5.6+ version so you can leave comment below in case of any issue you face while working with same and we will be happy to help you out.

Previous Secure Wordpress login with additional Authentication Layer
Next ZIP Files & Folder using Simple PHP Code

About author

Rio 34 posts

Expert web developer working in PHP, Wordpress, Joomla, Magento, Javascript etc.

You might also like

Error Handling in PHP 7

The next feature we going to cover are the changes to Error Handling. Handling fatal errors in the past has been next to impossible in PHP. A fatal error would

PHP 7 Using New Operators

PHP 7 also brings us some new operators. Let’s just cut the talk and directly check how PHP 7 Using New Operators. Spaceship Operator : The spaceship operator, or Combined Comparison

Creating HTML Form with PHP Server Side Validation.

This article will explain how you can create a HTML Form and do server side validation for the form. So the form which will display will be plain HTML and

Difference between echo and print statements

In PHP there are two basic ways to get your output : echo and print statements. We will show the difference between echo and print statements with a working example.

Post data to third party site using PHP CURL

PHP supports CURL library which allows you to connect and communicate to many different types of servers with many different types of protocols and supports the http, https, ftp etc.

Working with PHP Array – Indexed, Associative & Multi-Dimensional

PHP Array are variables which can hold more than one value at a time. For example if you want to store 1000 numbers then instead of defining 1000 variables its easy

How to detect website is access from Mobile using PHP.

Todays trend shows that maximum number of website access using mobile is increased. People are using smart phone to access the mobile instead of their desktop OR laptop. Because mobile

Working With PHP & Databases

Working with PHP & Database require basic knowledge of below items : Database Connection Inserting Data Reading Data Updating Data Deleting Data Making Database Connection : Using PHP you can

Using Type Declarations in PHP 7

PHP is considered to be a weak typed language. Using type declarations in PHP 7 simply means specifying which type of variable is being set instead of allowing PHP to


No Comments Yet!

You can be first to comment this post!

Leave a Reply

four + 7 =