Store Passwords Securely with PHP

Published in: PHP

The Secure Passwords app generates unique passwords for every using the most secure bcrypt algorithm. The open-source PHPass library also uses the Blowfish-based bcrypt library to create password hashes that you can use to store passwords in the database.

When the user enters a password during login, you can compute its hash and compare it with the hash stored in your database. This is more secure than other algorithms like MD5, SHA-1, SHA-512, etc., since they can be reversed through brute force.

<?php
// Include the phpass library
require 'PasswordHash.php';

// Try to use stronger but system-specific hashes, with a possible fallback to
// the weaker portable hashes.
$hasher = new PasswordHash(8, false);

// Hash the password and store result in the database
$hashedPassword = $hasher->HashPassword('correct password');

// Check if a user has provided the correct password by comparing what they typed with our hash
$hasher->CheckPassword('wrong password', $hashedPassword); // false
$hasher->CheckPassword('correct password', $hashedPassword); // true
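
The register-and-login flow described above, written out as an added example (not code from the original article or from the PHPass project). It assumes `PasswordHash.php` sits beside the script in a version that runs on your PHP release and that the `pdo_sqlite` extension is enabled; the `users` table and the helpers `registerUser()` and `checkLogin()` are hypothetical names chosen for illustration.

```php
<?php
require 'PasswordHash.php'; // the same phpass file the article includes

// Assumption: an in-memory SQLite database stands in for the real user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

$hasher = new PasswordHash(8, false);

// Hypothetical helper: hash a new password and store only the hash.
function registerUser(PDO $db, PasswordHash $hasher, string $name, string $password): bool
{
    $hash = $hasher->HashPassword($password);
    // phpass returns '*' when hashing fails; a usable hash is at least 20 characters.
    if (strlen($hash) < 20) {
        return false;
    }
    // Prepared statement: the user name and hash are bound, never concatenated into SQL.
    $stmt = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
    return $stmt->execute([$name, $hash]);
}

// Hypothetical helper: fetch the stored hash and let phpass do the comparison.
function checkLogin(PDO $db, PasswordHash $hasher, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    // CheckPassword re-hashes the typed password with the salt embedded in $stored.
    return $hasher->CheckPassword($password, $stored);
}

// Constructed sample data.
registerUser($db, $hasher, 'alice', 'correct password');
var_dump(checkLogin($db, $hasher, 'alice', 'correct password'));
var_dump(checkLogin($db, $hasher, 'alice', 'wrong password'));
var_dump(checkLogin($db, $hasher, 'bob', 'correct password'));

// Each call generates a fresh salt, so the same password never hashes to the same string.
var_dump($hasher->HashPassword('correct password') === $hasher->HashPassword('correct password'));
```

Because every hash carries its own salt, login must go through `CheckPassword()` with the stored value; hashing the typed password again and comparing the two strings would never match.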

Meet the Author

Web Geek, Tech Columnist
Amit Agarwal

Amit Agarwal is a Google Developer Expert in GSuite and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India. Read more on Lifehacker and YourStory
