Password Hashing in PHP

Submitted by oretnom23 on Wednesday, February 15, 2023 - 13:11.

In this tutorial, you will how to use the Different built-in functions of PHP for encrypting or hashing passwords. The tutorial aims to provide a reference for students or self-learners that are learning and planning to develop an application using PHP Language. The tutorial can help you to secure your application's user password. Here, snippets and a sample login and registration source code that demonstrates the password hashing or encryption are provided and free to download.

What is Hashing?

Hashing is a way or process that converts or transforms any given string or key into an encrypted value. In programming, it generates a new value according to the mathematical algorithm that is available to programming languages. This process is commonly used for encrypting passwords.

What are the Different built-in functions in PHP for hashing?

PHP comes with multiple functions and some of them are used for hashing keys or values. The below functions are the most common and used for hashing a string.

  • md5() - a hashing function of PHP that calculate the md5 hash of the given string.
  • sha1() - a hashing function of PHP that calculate the sha1 hash of the given string.
  • hash() - a hashing function of PHP that generates a hash value of the given string or key. This function can generate hash values using multiple algorithms such as md5, sha256, etc.
  • password_hash() - a hashing function for generating the password hash value. This function generates a strong one-way hashing algorithm and also supports multiple other algorithms.

Sample Hash Generation

simple login and registration

What is the Best Function to Encrypt Passwords in PHP?

Encrypting the passwords of your site users is the best practice and feature that must implement for a certain site or web application. It is one of the ways for securing your site data from malicious hackers.

The best hashing function for securing your users' passwords is the password_hash(). Although MD5 and SHA1 functions can be also used for hashing passwords, these functions are too weak, simple, and not-salted hashes that are vulnerable to rainbow tables and dictionary attacks. Furthermore, requiring your users to provide a password such as a password that contains an alphanumeric with valid symbols and characters will result in a strong password and complicated for hackers to decrypt.

Example

Here are some scripts of an example web application that demonstrate the usage of the password_hash() function of PHP. The application is a simple login and registration system for a certain site.

Database Schema

Database Name: sample_login

  1. CREATE TABLE `users` (
  2.     `id` int(30) NOT NULL PRIMARY KEY AUTO_INCREMENT,
  3.     `name` text NOT NULL,
  4.     `email` text NOT NULL,
  5.     `password` text NOT NULL
  6.     ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

Registration

The below script contains the HTML code for the registration form page interface and PHP codes for hashing the password and inserting the user details into the database.

register.php

  1. <?php 
  2. if($_SERVER['REQUEST_METHOD'] == 'POST'){
  3.     include_once("db-connect.php");
  4.     extract($_POST);
  5.     $password = password_hash($password, PASSWORD_DEFAULT);
  6.     $check_duplicate = $conn->query("SELECT id FROM `users` where `email` = '{$email}'")->num_rows;
  7.     if($check_duplicate < 1){
  8.         $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES ('{$name}', '{$email}', '{$password}')";
  9.         $insert = $conn->query($sql);
  10.         if($insert){
  11.             echo "<script> alert('Account has been created successfully.'); location.replace('login.php');</script>";
  12.             exit;
  13.         }else{
  14.             echo "<script> alert('Registration Failed!.');</script>";
  15.         }
  16.     }else{
  17.         echo "<script> alert('Registration Failed! Email already exists.');</script>";
  18.     }
  19. } 
  20. ?>
  21. <!DOCTYPE html>
  22. <html lang="en">
  23. <head>
  24.     <meta charset="UTF-8">
  25.     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  26.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  27.     <title>PHP - Password Hashing</title>
  28.     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer" />
  29.     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
  30.     <link rel="stylesheet" href="assets/css/styles.css">
  31.     <script src="https://code.jquery.com/jquery-3.6.1.js" integrity="sha256-3zlB5s2uwoUzrXK3BT7AX3FyvojsraNFxCc2vC/7pNI=" crossorigin="anonymous"></script>
  32.     <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script>
  33.     <script src="assets/js/script.js"></script>
  34.  
  35. </head>
  36. <body>
  37.     <script>
  38.         start_loader()
  39.     </script>
  40.     <main>
  41.         <nav class="navbar navbar-expand-lg navbar-dark bg-gradient">
  42.             <div class="container">
  43.                 <a class="navbar-brand" href="./">PHP - Password Hashing</a>
  44.                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
  45.                     <span class="navbar-toggler-icon"></span>
  46.                 </button>
  47.                 <div class="collapse navbar-collapse" id="navbarNav">
  48.                     <ul class="navbar-nav">
  49.                         <li class="nav-item">
  50.                         <a class="nav-link" href="./">Home</a>
  51.                         </li>
  52.                         <li class="nav-item">
  53.                         <a class="nav-link" href="login.php">Login</a>
  54.                         </li>
  55.                         <li class="nav-item">
  56.                         <a class="nav-link active" aria-current="page" href="register.php">Registration</a>
  57.                         </li>
  58.                     </ul>
  59.                 </div>
  60.                 <a href="https://sourcecodester.com" class="text-light fw-bolder h6 text-decoration-none" target="_blank">SourceCodester</a>
  61.             </div>
  62.         </nav>
  63.         <div id="main-wrapper">
  64.             <div class="container-md px-5 my-3">
  65.                 <div class="col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto">
  66.                     <div class="card rounded-0 shadow">
  67.                         <div class="card-header rounded-0">
  68.                             <div class="card-title"><b>Registration</b></div>
  69.                         </div>
  70.                         <div class="card-body rounded-0">
  71.                             <div class="container-fluid">
  72.                                 <form action="" id="register" method="POST">
  73.                                     <div class="mb-3">
  74.                                         <label for="name" class="form-label fw-light">Name</label>
  75.                                         <input type="text" class="form-control rounded-0" name="name" id="name" value="<?= $_POST['name'] ?? "" ?>" required>
  76.                                     </div>
  77.                                     <div class="mb-3">
  78.                                         <label for="email" class="form-label fw-light">Email</label>
  79.                                         <input type="text" class="form-control rounded-0" name="email" id="email" value="<?= $_POST['email'] ?? "" ?>" required>
  80.                                     </div>
  81.                                     <div class="mb-3">
  82.                                         <label for="password" class="form-label fw-light">Password</label>
  83.                                         <input type="password" class="form-control rounded-0" name="password" id="password" value="" required>
  84.                                     </div>
  85.                                     <div class="mb-3 text-center">
  86.                                         <div class="col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto">
  87.                                             <button class="btn btn-primary rounded-pill">Register</button>
  88.                                         </div>
  89.                                     </div>
  90.                                 </form>
  91.                             </div>
  92.                         </div>
  93.                     </div>
  94.                 </div>
  95.             </div>
  96.         </div>
  97.         <footer class="shadow-top py-4 col-auto">
  98.             <div class="">
  99.                 <div class="text-center">
  100.                     All Rights Reserved &copy; <span id="dt-year"></span> | <span class="text-muted">PHP - Password Hashing</span>
  101.                 </div>
  102.                 <div class="text-center">
  103.                     <a href="mailto:[email protected]" class="text-decoration-none text-body-secondary">[email protected]</a>
  104.                 </div>
  105.             </div>
  106.         </footer>
  107.     </main>
  108. </body>
  109. </html>

Output

simple login and registration

Login

The script below contains the HTML code of the login form page interface and PHP codes for checking or validating the entered user credentials.

login.php

  1. <?php 
  2. if($_SERVER['REQUEST_METHOD'] == 'POST'){
  3.     include_once("db-connect.php");
  4.     extract($_POST);
  5.     $sql = "SELECT * FROM `users` where `email` = '{$email}'";
  6.     $get = $conn->query($sql);
  7.     if($get->num_rows > 0){
  8.         $data = $get->fetch_assoc();
  9.         $is_verify = password_verify($password, $data['password']);
  10.         if($is_verify){
  11.             echo "<script> alert('Welcome {$data['name']}!'); location.replace('index.php');</script>";
  12.         }else{
  13.             echo "<script> alert('Login Failed!.');</script>";
  14.         }
  15.     }
  16. } 
  17. ?>
  18. <!DOCTYPE html>
  19. <html lang="en">
  20. <head>
  21.     <meta charset="UTF-8">
  22.     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  23.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  24.     <title>PHP - Password Hashing</title>
  25.     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer" />
  26.     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css">
  27.     <link rel="stylesheet" href="assets/css/styles.css">
  28.     <script src="https://code.jquery.com/jquery-3.6.1.js" integrity="sha256-3zlB5s2uwoUzrXK3BT7AX3FyvojsraNFxCc2vC/7pNI=" crossorigin="anonymous"></script>
  29.     <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script>
  30.     <script src="assets/js/script.js"></script>
  31.  
  32. </head>
  33. <body>
  34.     <script>
  35.         start_loader()
  36.     </script>
  37.     <main>
  38.     <nav class="navbar navbar-expand-lg navbar-dark bg-gradient">
  39.             <div class="container">
  40.                 <a class="navbar-brand" href="./">PHP - Password Hashing</a>
  41.                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
  42.                     <span class="navbar-toggler-icon"></span>
  43.                 </button>
  44.                 <div class="collapse navbar-collapse" id="navbarNav">
  45.                     <ul class="navbar-nav">
  46.                         <li class="nav-item">
  47.                         <a class="nav-link" href="./">Home</a>
  48.                         </li>
  49.                         <li class="nav-item">
  50.                         <a class="nav-link active" aria-current="page" href="login.php">Login</a>
  51.                         </li>
  52.                         <li class="nav-item">
  53.                         <a class="nav-link" href="register.php">Registration</a>
  54.                         </li>
  55.                     </ul>
  56.                 </div>
  57.                 <a href="https://sourcecodester.com" class="text-light fw-bolder h6 text-decoration-none" target="_blank">SourceCodester</a>
  58.  
  59.             </div>
  60.         </nav>
  61.         <div id="main-wrapper">
  62.             <div class="container-md px-5 my-3">
  63.                 <div class="col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto">
  64.                     <div class="card rounded-0 shadow">
  65.                         <div class="card-header rounded-0">
  66.                             <div class="card-title"><b>Login</b></div>
  67.                         </div>
  68.                         <div class="card-body rounded-0">
  69.                             <div class="container-fluid">
  70.                                 <form action="" id="register" method="POST">
  71.                                     <div class="mb-3">
  72.                                         <label for="email" class="form-label fw-light">Email</label>
  73.                                         <input type="text" class="form-control rounded-0" name="email" id="email" value="<?= $_POST['email'] ?? "" ?>" required>
  74.                                     </div>
  75.                                     <div class="mb-3">
  76.                                         <label for="password" class="form-label fw-light">Password</label>
  77.                                         <input type="password" class="form-control rounded-0" name="password" id="password" value="" required>
  78.                                     </div>
  79.                                     <div class="mb-3 text-center">
  80.                                         <div class="col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto">
  81.                                             <button class="btn btn-primary rounded-pill">Login</button>
  82.                                         </div>
  83.                                     </div>
  84.                                 </form>
  85.                             </div>
  86.                         </div>
  87.                     </div>
  88.                 </div>
  89.             </div>
  90.         </div>
  91.         <footer class="shadow-top py-4 col-auto">
  92.             <div class="">
  93.                 <div class="text-center">
  94.                     All Rights Reserved &copy; <span id="dt-year"></span> | <span class="text-muted">PHP - Password Hashing</span>
  95.                 </div>
  96.                 <div class="text-center">
  97.                     <a href="mailto:[email protected]" class="text-decoration-none text-body-secondary">[email protected]</a>
  98.                 </div>
  99.             </div>
  100.         </footer>
  101.     </main>
  102. </body>
  103. </html>

Output

simple login and registration

DEMO VIDEO

That's it! I have provided also the source code zip that I created for this tutorial on this site and is free to download. Feel free to download it by clicking the download button located below this tutorial's content.

That's the end of this tutorial. I hope this Password Hashing in PHP tutorial will help you with what you are looking for and will be useful for your current and future PHP Projects.

Explore more on this website for more Tutorials and Free Source Codes.

Happy Coding =)

Tags

Add new comment

About text formats
  • 999 views