Store passwords securely in PHP to prevent password hacking
November 10, 2016

When creating an application in PHP, chances are high that you have a login for which you have to store user data, including the passwords used to log in. We will show you how to store passwords securely in PHP.

Methods to store passwords securely.

There are many methods to secure a password in PHP, using functions such as crypt(), md5(), password_hash() etc. These functions transform your password with a built-in algorithm so that it is not readable by humans, so no one can tell what the password is by looking at the resulting string.

Hashing a Password with password_hash() function.

The password_hash() function creates a password hash using a strong one-way hashing algorithm. It works with PHP 5.5+ versions. It is also compatible with the crypt() function, so hashes created by crypt() can also be used with password_hash().

It supports two algorithms, PASSWORD_DEFAULT and PASSWORD_BCRYPT.

PASSWORD_DEFAULT – The default algorithm is presently bcrypt and produces a 60-character string. Because the default can change over time, you need to leave enough space in the database to store longer results. Making the password field 255 characters wide will accommodate longer hash strings in future.

PASSWORD_BCRYPT – Using PASSWORD_BCRYPT as the algorithm results in the password parameter being truncated to a maximum length of 72 characters.

Creating a hash from a password is simple. Below is the code which will convert your password into a hash.

In the above code we pass the password we want to hash and get back a hash string, which is secure and can be stored in the database. Anyone with access to the database will see only the hash string and not the actual password.

Validate and Check the hash password.

We will validate the password entered by the user against the one stored in hash format. We will keep things simple and easy to understand. Below is the code, where password_verify() does all the work: we just need to pass it the newly entered string and the stored hash string. The password_verify() function returns a Boolean, i.e. true or false, which says whether the password matched or not.

In the above example the password will match because we have provided the same password that was stored earlier in hash format. You can also use the password_verify() function for a hash created with the crypt() function.
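The hashing and verification steps described above, as an added example that is not the author's original listing. The `$users` array standing in for the database table, the function names `register_user()` and `check_login()`, and all sample passwords and the sample salt are assumptions made for illustration; `password_needs_rehash()` is a further PHP 5.5+ function not mentioned in the article.

```php
<?php
// Constructed stand-in for the users table (name => stored hash).
$users = array();

// Registration: store only the hash, never the plain password.
function register_user(array &$users, $name, $password)
{
    // PASSWORD_DEFAULT may change in later PHP versions, which is why the
    // article suggests a 255-character column for the result.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: password_verify() reads the algorithm, cost and salt from the hash.
function check_login(array &$users, $name, $password)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // If the default algorithm or cost has changed since this hash was
    // stored, re-hash now while the plain password is available.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register_user($users, 'alice', 'correct horse battery staple');
var_dump(strlen($users['alice']));   // length of the stored hash string
var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong guess'));

// Each call generates a fresh random salt, so the same password gives two
// different hash strings. Compare with password_verify(), never with ===.
$a = password_hash('secret', PASSWORD_DEFAULT);
$b = password_hash('secret', PASSWORD_DEFAULT);
var_dump($a === $b);
var_dump(password_verify('secret', $a) && password_verify('secret', $b));

// PASSWORD_BCRYPT truncation: input past 72 characters is ignored, so two
// long passwords that differ only after that point verify against one hash.
$base = str_repeat('a', 72);
$hash = password_hash($base . 'first-suffix', PASSWORD_BCRYPT);
var_dump(password_verify($base . 'other-suffix', $hash));

// A bcrypt hash made with crypt() is accepted by password_verify().
// The fixed salt is constructed for this demo only.
$legacy = crypt('secret', '$2y$10$abcdefghijklmnopqrstuu');
var_dump(password_verify('secret', $legacy));
```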

Always store passwords by hashing them with a secure method. The above examples were tested on PHP 5.6+, so leave a comment below if you face any issue while working with them and we will be happy to help you out.


About author

Rio
Expert web developer working in PHP, Wordpress, Joomla, Magento, Javascript etc.
