In this tutorial, you will how to use the Different built-in functions of PHP for encrypting or hashing passwords. The tutorial aims to provide a reference for students or self-learners that are learning and planning to develop an application using PHP Language. The tutorial can help you to secure your application's user password. Here, snippets and a sample login and registration source code that demonstrates the password hashing or encryption are provided and free to download.
Hashing is a way or process that converts or transforms any given string or key into an encrypted value. In programming, it generates a new value according to the mathematical algorithm that is available to programming languages. This process is commonly used for encrypting passwords.
PHP comes with multiple functions and some of them are used for hashing keys or values. The below functions are the most common and used for hashing a string.
Sample Hash Generation
Encrypting the passwords of your site users is the best practice and feature that must implement for a certain site or web application. It is one of the ways for securing your site data from malicious hackers.
The best hashing function for securing your users' passwords is the password_hash(). Although MD5 and SHA1 functions can be also used for hashing passwords, these functions are too weak, simple, and not-salted hashes that are vulnerable to rainbow tables and dictionary attacks. Furthermore, requiring your users to provide a password such as a password that contains an alphanumeric with valid symbols and characters will result in a strong password and complicated for hackers to decrypt.
Here are some scripts of an example web application that demonstrate the usage of the password_hash() function of PHP. The application is a simple login and registration system for a certain site.
Database Name: sample_login
The below script contains the HTML code for the registration form page interface and PHP codes for hashing the password and inserting the user details into the database.
register.php
<?php if($_SERVER['REQUEST_METHOD'] == 'POST'){ include_once("db-connect.php"); extract($_POST); $password = password_hash($password, PASSWORD_DEFAULT); $check_duplicate = $conn->query("SELECT id FROM `users` where `email` = '{$email}'")->num_rows; if($check_duplicate < 1){ $sql = "INSERT INTO `users` (`name`, `email`, `password`) VALUES ('{$name}', '{$email}', '{$password}')"; $insert = $conn->query($sql); if($insert){ exit; }else{ } }else{ } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"> <link rel="stylesheet" href="assets/css/styles.css"> <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script> </head> <body> <script> start_loader() </script> <main> <nav class="navbar navbar-expand-lg navbar-dark bg-gradient"> <div class="container"> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation"> </button> <div class="collapse navbar-collapse" id="navbarNav"> <ul class="navbar-nav"> <li class="nav-item"> </li> <li class="nav-item"> </li> <li class="nav-item"> </li> </ul> </div> </div> </nav> <div id="main-wrapper"> <div class="container-md px-5 my-3"> <div class="col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto"> <div class="card rounded-0 shadow"> <div class="card-header rounded-0"> </div> <div class="card-body rounded-0"> <div class="container-fluid"> <form action="" id="register" method="POST"> <div class="mb-3"> <input type="text" class="form-control rounded-0" name="name" id="name" value="<?= $_POST['name'] ?? "" ?>" required> </div> <div class="mb-3"> <input type="text" class="form-control rounded-0" name="email" id="email" value="<?= $_POST['email'] ?? "" ?>" required> </div> <div class="mb-3"> <input type="password" class="form-control rounded-0" name="password" id="password" value="" required> </div> <div class="mb-3 text-center"> <div class="col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto"> </div> </div> </form> </div> </div> </div> </div> </div> </div> <footer class="shadow-top py-4 col-auto"> <div class=""> <div class="text-center"> </div> <div class="text-center"> <a href="mailto:[email protected]" class="text-decoration-none text-body-secondary">[email protected]</a> </div> </div> </footer> </main> </body> </html>
Output
The script below contains the HTML code of the login form page interface and PHP codes for checking or validating the entered user credentials.
login.php
<?php if($_SERVER['REQUEST_METHOD'] == 'POST'){ include_once("db-connect.php"); extract($_POST); $sql = "SELECT * FROM `users` where `email` = '{$email}'"; $get = $conn->query($sql); if($get->num_rows > 0){ $data = $get->fetch_assoc(); $is_verify = password_verify($password, $data['password']); if($is_verify){ }else{ } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"> <link rel="stylesheet" href="assets/css/styles.css"> <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script> </head> <body> <script> start_loader() </script> <main> <nav class="navbar navbar-expand-lg navbar-dark bg-gradient"> <div class="container"> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation"> </button> <div class="collapse navbar-collapse" id="navbarNav"> <ul class="navbar-nav"> <li class="nav-item"> </li> <li class="nav-item"> </li> <li class="nav-item"> </li> </ul> </div> </div> </nav> <div id="main-wrapper"> <div class="container-md px-5 my-3"> <div class="col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto"> <div class="card rounded-0 shadow"> <div class="card-header rounded-0"> </div> <div class="card-body rounded-0"> <div class="container-fluid"> <form action="" id="register" method="POST"> <div class="mb-3"> <input type="text" class="form-control rounded-0" name="email" id="email" value="<?= $_POST['email'] ?? "" ?>" required> </div> <div class="mb-3"> <input type="password" class="form-control rounded-0" name="password" id="password" value="" required> </div> <div class="mb-3 text-center"> <div class="col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto"> </div> </div> </form> </div> </div> </div> </div> </div> </div> <footer class="shadow-top py-4 col-auto"> <div class=""> <div class="text-center"> </div> <div class="text-center"> <a href="mailto:[email protected]" class="text-decoration-none text-body-secondary">[email protected]</a> </div> </div> </footer> </main> </body> </html>
Output
That's it! I have provided also the source code zip that I created for this tutorial on this site and is free to download. Feel free to download it by clicking the download button located below this tutorial's content.
That's the end of this tutorial. I hope this Password Hashing in PHP tutorial will help you with what you are looking for and will be useful for your current and future PHP Projects.
Explore more on this website for more Tutorials and Free Source Codes.