February 23, 2024 5:01 am

How to Hash Passwords in PHP 5.5 with the Password Hashing API

This tutorial shows you how to hash passwords in PHP 5.5 with the password hashing API. A large number of web developers still use old and less secure algorithms such as MD5 and SHA1, which offer little protection for stored passwords. The new hashing API uses bcrypt, a key derivation function for passwords. In this article we are going to explore PHP's new hashing API.


password_hash() – used to hash the password.
password_verify() – used to verify a password against its hash.

password_hash()

<?php
$password = "phpgang";
// Hash the password with the default algorithm; a random salt is generated automatically
$hash = password_hash($password, PASSWORD_DEFAULT);
?>

Hash generated from above code is:

$2y$10$vdd/HDckxSzFdOMLZ4Rhh.M3MQeOsPCwcsvAFW3MJWMKdxdv63.

In this function the first parameter is your password and the second parameter specifies the algorithm used to hash the password.

PASSWORD_DEFAULT – is the bcrypt algorithm (default as of PHP 5.5.0).

If you are using PASSWORD_DEFAULT in your projects, it is recommended to make the column that stores the hash larger than 60 characters, because the default algorithm can change in later PHP versions and produce longer hashes; a column size of 255 would be good.

Most importantly, you don't have to provide a salt (a value appended or prepended to the password before hashing): the API automatically generates a random salt. If you want to supply your own salt, there is an option to pass it in the third parameter. Letting the API generate the salt is the safer choice, and the salt option was deprecated in PHP 7.0.

<?php
$password = "phpgang";
$options = [
    'salt' => function_for_salt(), // placeholder: write your own code to generate a random salt (at least 22 characters for bcrypt)
    'cost' => 11 // lets you change the CPU cost of the algorithm
];
echo password_hash($password, PASSWORD_DEFAULT, $options);
?>

We have generated a hashed password with the new API; now it is time to verify passwords with password_verify(). This function takes the plain password and the hashed password that we saved in the database.

password_verify()

<?php
$password = "phpgang";
// Single quotes: inside double quotes PHP would try to interpolate $vdd in the hash
$hash = '$2y$10$vdd/HDckxSzFdOMLZ4Rhh.M3MQeOsPCwcsvAFW3MJWMKdxdv63.';
if (password_verify($password, $hash))
{
    // Password valid!!
}
else
{
    // Invalid password.
}
?>

This way you can verify your passwords and make your website's passwords strong with the latest API. If you are not using PHP 5.5, there is a library available [here] that you can use to create passwords with the same hashing.
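
A login check that combines the two functions, as an added example that is not part of the original tutorial. It goes one step beyond the text: after password_verify() succeeds it uses password_needs_rehash() to upgrade hashes made with a lower cost, and it migrates legacy unsalted MD5 records on a successful login. The names verify_login, TARGET_COST and $users are hypothetical, the sample records are constructed, and hash_equals() requires PHP 5.6 or later.

```php
<?php
// Added example: verify_login, TARGET_COST and $users are hypothetical names.
const TARGET_COST = 11; // same cost value as the options array shown earlier

/**
 * Check a login attempt against a stored hash and upgrade the stored hash
 * when it is weaker than the current policy.
 * Returns [bool $ok, string|null $newHash]; a non-null $newHash means the
 * caller should write it back to the user's record.
 */
function verify_login($password, $storedHash)
{
    $options = ['cost' => TARGET_COST];

    // Legacy record: unsalted MD5 hex digest (32 hex characters).
    if (preg_match('/^[0-9a-f]{32}$/', $storedHash)) {
        if (!hash_equals($storedHash, md5($password))) {
            return [false, null];
        }
        // Correct password: replace the MD5 digest with a bcrypt hash.
        return [true, password_hash($password, PASSWORD_DEFAULT, $options)];
    }

    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Valid, but made with an older algorithm or a lower cost: rehash.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        return [true, password_hash($password, PASSWORD_DEFAULT, $options)];
    }
    return [true, null];
}

// Constructed sample records: one legacy MD5 digest, one bcrypt hash at cost 10.
$users = [
    'alice' => md5('phpgang'),
    'bob'   => password_hash('phpgang', PASSWORD_DEFAULT, ['cost' => 10]),
];

foreach ($users as $name => $hash) {
    list($ok, $newHash) = verify_login('phpgang', $hash);
    if ($ok && $newHash !== null) {
        $users[$name] = $newHash; // in a real application: update the user's row
    }
    $info = password_get_info($users[$name]);
    echo $name, ': ', $ok ? 'valid' : 'invalid', ', now stored as ', $info['algoName'], "\n";
}
```

The plain password is only available at login time, which is why both upgrades happen inside the verification path rather than in a batch job.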

I hope you like this tutorial; feel free to comment with your views.

Author Huzoor Bux

I am Huzoor Bux from Karachi (Pakistan). I have been working as a PHP developer for the last 5+ years, and it's my passion to learn new things and implement them as a practice. Basically I am a PHP developer, but nowadays I am exploring more in HTML5, CSS and jQuery libraries.



6 responses to “How to Hash Passwords in PHP 5.5 with the Password Hashing API”

  1. Husni's Elemento says:

    the better way how to secure password is to create our own function

    • huzoorbux says:

      Any reason?

      • Husni's Elemento says:

        example like this

        l>%z:_z4@n#u:l*l>f#v&ABDiReIStT’);
        define('AUTH_SALT_SS', '(W(9@psfqf6tix5cIdzyj4LJ7Y/ROZC*e}5VnW[&j=|G@');
        function ENKRIPSI_PASS($pass){
        $key1 = crypt("$pass",'$6a$'.SECURE_AUTH_KEY_SS);
        return $key1.AUTH_SALT_SS;
        }

  2. Guilherme Schumacher says:

    hello
    First of all, nice post! My question is: now that we have a specific function for password hash, the best method for verifying if the user is logged in some system is still by using sessions? or there’s a better way on some new 5.5 functions? Thanks in advance!

  3. gurwinder says:

    nice …

  4. Marco Ertl says:

    Hmm. I didn't notice that there was already a function in PHP. I used sha('512', $salt . $password)
