First, you want hashing. Encryption is when you can get the original password back from your database. That sounds good but it isn't. What you need is hashing, which is taking something like a password and turning it into another thing that looks random but will give you the same result for the same password. (Basically.) Then you compare hashes.

 

Use password_hash and password_verify like this:

// when setting or changing a password
$hash = password_hash($_POST["password"]);
/* put $hash in the database */
// when checking a password
if (password_verify($_POST["password"], $hash_from_database)) {
	// password matches
} else {
	// password does not match
}

password_hash() requires an algorithm and should be called with specific parameters:

<?php

const PW_HASH_ALGORITHM = PASSWORD_BCRYPT;  // bcrypt is the de-facto standard and currently the only choice
const PW_HASH_COST = 14;                    // adjust this to your own needs



$password = 'test';
$hash = password_hash($password, PW_HASH_ALGORITHM, ['cost' => PW_HASH_COST]);

var_dump($hash);
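
As an added example (not code from either post above), this shows how the two snippets fit together in a login check, including re-hashing a stored hash when the cost setting has been raised. The function names and the in-memory `$users` array are hypothetical stand-ins for your own code and database table; the cost value is the one used in the post above.

```php
<?php
// Added example: set_password(), check_login() and $users are hypothetical names;
// $users stands in for a database table mapping user name => stored hash.

const PW_HASH_ALGORITHM = PASSWORD_BCRYPT;
const PW_HASH_COST = 14;                          // value from the post above
const PW_HASH_OPTIONS = ['cost' => PW_HASH_COST];
const PW_MAX_BYTES = 72;                          // bcrypt ignores input beyond 72 bytes

function set_password(array &$users, string $name, string $password): bool
{
    // Reject over-long input rather than silently hashing only a prefix of it.
    if ($password === '' || strlen($password) > PW_MAX_BYTES) {
        return false;
    }
    $users[$name] = password_hash($password, PW_HASH_ALGORITHM, PW_HASH_OPTIONS);
    return true;
}

function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The hash string records its own algorithm and cost, so a hash created with
    // older settings can be detected and replaced while the plaintext is at hand.
    if (password_needs_rehash($users[$name], PW_HASH_ALGORITHM, PW_HASH_OPTIONS)) {
        $users[$name] = password_hash($password, PW_HASH_ALGORITHM, PW_HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: one account whose hash was made at a lower cost.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])];

var_dump(check_login($users, 'alice', 'wrong guess'));     // rejected, hash untouched
var_dump(check_login($users, 'alice', 'correct horse'));   // accepted, hash upgraded
var_dump(password_get_info($users['alice'])['options']);   // cost now matches PW_HASH_COST
var_dump(set_password($users, 'bob', str_repeat('a', 73))); // refused: over 72 bytes
```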