Store Passwords Securely with PHP
The Secure Passwords app generate unique passwords for every using the most secure bCrypt algorithm. The open source PHPass library also uses the Blowfish-based bcrypt library to create password hashes that you can use to store passwords in the database.
When the user enter a password during login, you can compute the hash and compare it with the hash in your database. This is more secure than other algorithms like md5, sha1, sha512, etc since they can be reversed though brutal force.
<?php // Include the phpass library require 'PasswordHash.php'; // Try to use stronger but system-specific hashes, with a possible fallback to // the weaker portable hashes. $hasher = new PasswordHash(8, false); // Hash the password and store result in the database $hashedPassword = $hasher->HashPassword('correct password'); // Check if a user has provided the correct password by comparing what they typed with our hash $hasher->CheckPassword('wrong password', $hashedPassword); // false $hasher->CheckPassword('correct password', $hashedPassword); // true ?>
Google Developer Expert, Google Cloud Champion
Amit Agarwal is a Google Developer Expert in Google Workspace and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India.