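// Hash the plaintext password for storage. PASSWORD_DEFAULT selects PHP's
// current default algorithm, so the stored hash format can change between
// PHP releases.
$pass = password_hash($password, PASSWORD_DEFAULT);

// Check a submitted password against a previously stored hash.
// password_verify() returns true only when $password matches
// $hashed_password and false otherwise, so the result is kept and must be
// tested by the caller instead of being discarded.
// NOTE(review): $hashed_password is not defined in this listing; presumably
// it is the hash loaded from storage -- confirm against the surrounding code.
$isValid = password_verify($password, $hashed_password);
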
// Plaintext password (hard-coded here for the sake of the example).
$password = "my secret password";

// Hash to store in place of the plaintext; PASSWORD_DEFAULT lets PHP pick
// the algorithm.
$hash = password_hash($password, PASSWORD_DEFAULT);

<?php
/*
 * Hash a password with whatever algorithm PASSWORD_DEFAULT currently selects.
 * When this example was written that was bcrypt, which yields a 60-character
 * string.
 *
 * PASSWORD_DEFAULT may change in later releases, so size the storage column
 * beyond 60 characters (255 is a good width) to leave room for longer hashes.
 */
echo password_hash('rasmuslerdorf', PASSWORD_DEFAULT);
?>

<?php
// Print an Argon2i hash of the sample password.
// PASSWORD_ARGON2I is defined only on PHP builds with Argon2 support, so
// check that the constant exists before relying on it in deployed code.
echo 'Argon2i hash: ', password_hash('rasmuslerdorf', PASSWORD_ARGON2I);
?>

<?php
/*
 * Hash with an explicit bcrypt cost of 12 instead of the built-in default.
 * The algorithm is named explicitly (PASSWORD_BCRYPT), so the result is
 * always 60 characters long.
 *
 * Caveat: with PASSWORD_BCRYPT only the first 72 bytes of the password are
 * used; longer input is truncated.
 */
$options = ['cost' => 12];
echo password_hash('rasmuslerdorf', PASSWORD_BCRYPT, $options);
?>

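/* New password from the submitted form. $_POST is untrusted input: the
   field may be missing, or may arrive as an array (password[]=...), so it
   is read defensively instead of being indexed directly. */
$password = $_POST['password'] ?? null;

/* Reject anything that is not a non-empty string before it reaches
   password_hash(). */
if (!is_string($password) || $password === '')
{
    echo 'Invalid password.';
    die();
}

/* Remember to validate the password (application-specific rules, such as
   a minimum length, belong here). */

/* Create the new password hash. */
$hash = password_hash($password, PASSWORD_DEFAULT);
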
// Load the database connection script. $pdo is not defined in this listing,
// so presumably it is created there -- confirm against pdo.php.
include 'pdo.php';

// Account name for the new record.
$username = 'John';

// Plaintext password; only its hash is written to the database.
$password = 'my secret password';

// Hash stored in place of the plaintext. The column must be wide enough for
// the hash (the PASSWORD_DEFAULT listing on this page suggests 255).
$hash = password_hash($password, PASSWORD_DEFAULT);

// Parameterised INSERT: values are bound through named placeholders and are
// never concatenated into the SQL text.
$query = 'INSERT INTO accounts (account_name, account_passwd) VALUES (:name, :passwd)';

// Placeholder => value map passed to execute().
$values = [
    ':name' => $username,
    ':passwd' => $hash,
];

// Prepare and run the statement.
// NOTE(review): the catch below only fires if the connection is configured
// to throw PDOException on errors -- confirm the error mode set in pdo.php.
try {
    $res = $pdo->prepare($query);
    $res->execute($values);
} catch (PDOException $e) {
    // Only a generic message is printed; the exception details are not
    // sent to the client.
    echo 'Query error.';
    exit();
}

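/* Include the database connection script. $pdo is not defined in this
   listing, so presumably it is created there -- confirm against pdo.php. */
include 'pdo.php';

/* Login status: false = not authenticated, true = authenticated.
   It starts as FALSE and is only set to TRUE after password_verify()
   succeeds, so every failure path leaves the user unauthenticated. */
$login = FALSE;

/* Username and password from the login form. $_POST is untrusted input:
   a field may be missing, or may arrive as an array (username[]=...), so
   both are read defensively instead of being indexed directly. */
$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

/* Remember to validate $username and $password (application-specific
   rules, such as length limits, belong here). */

/* Result row; stays FALSE unless the lookup below runs and finds an account. */
$row = false;

/* Only query when both fields are strings; otherwise an array value would
   reach the PDO binding and password_verify(). */
if (is_string($username) && is_string($password))
{
    /* Look for the username in the database (bound through a placeholder,
       never concatenated into the SQL). */
    $query = 'SELECT * FROM accounts WHERE (account_name = :name)';

    /* Values array for PDO. */
    $values = [':name' => $username];

    /* Execute the query. */
    try
    {
        $res = $pdo->prepare($query);
        $res->execute($values);
    }
    catch (PDOException $e)
    {
        /* Query error: only a generic message is printed, the exception
           details are not sent to the client. */
        echo 'Query error.';
        die();
    }

    $row = $res->fetch(PDO::FETCH_ASSOC);
}

/* If there is a result, check if the password matches using password_verify().
   NOTE(review): password_verify() is skipped when no row is found, so
   rejecting an unknown account name takes less time than rejecting a known
   one; verifying against a fixed dummy hash in that case evens this out.
   After a successful check, password_needs_rehash() can tell whether the
   stored hash should be regenerated with the current settings. */
if (is_array($row) && password_verify($password, $row['account_passwd']))
{
    /* The password is correct. */
    $login = TRUE;
}
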
// Plaintext password (hard-coded here for the sake of the example).
$password = "my secret password";

// WARNING: MD5 is a fast, unsalted digest and is not suitable for storing
// passwords. Presumably this listing shows the approach to avoid; the other
// listings on this page use password_hash() and password_verify() instead.
$hash = md5($password);

// Target duration for a single hash, in seconds (0.1 s = 100 ms).
$time = 0.1;

// Baseline cost. The loop increments before measuring, so 11 is the first
// cost that is actually timed.
$cost = 10;

// Raise the bcrypt cost one step at a time until one hash takes at least
// the target duration. The result depends on the machine running this, so
// measure on the hardware that will serve logins.
while (true) {
    $cost++;

    // Time one hash at the current cost; the hash itself is thrown away.
    $start = microtime(true);
    password_hash('test', PASSWORD_BCRYPT, ['cost' => $cost]);
    $end = microtime(true);

    if (($end - $start) >= $time) {
        break;
    }
}

echo 'Cost found: ', $cost;
