How to Hash Password using PHP's password_hash()

Submitted by nurhodelta_17 on Saturday, March 31, 2018 - 21:58.

Getting Started

I've used Bootstrap in this tutorial which is a CSS framework and is included in the downloadable of this tutorial but if you want, you may download Bootstrap using this link.

Creating our Database

First, we are going to create a database where we put our registered users/members. I've included a .sql file in the downloadable of this tutorial which is a mysql database file. All you have to do is import the said file. If you have no idea on how to do this, please refer to my tutorial, How import .sql file to restore MySQL database. You should be able to create a database with tables named test.

Creating our Register Form

Next, before we can login, we first need to register the user/member and for that we need to create a register form. Create a new file, name it as new_account.php and paste the codes below.

<?php
	session_start();
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<title>How to Hash Password using PHP's password_hash()</title>
	<link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
</head>
<body>
<div class="container">
	<h1 class="page-header text-center">Hash Password using PHP</h1>
	<div class="row">
		<div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;">
			<form method="POST" action="register.php">
				<p class="text-center" style="font-size:25px;"><b>Register</b></p>
				<hr>
				<div class="form-group">
					<label for="email">Email:</label>
					<input type="email" name="email" id="email" class="form-control" value="<?php echo (!empty($_SESSION['email']) ? $_SESSION['email'] : '') ?>">
				</div>
				<div class="form-group">
					<label for="password">Password:</label>
					<input type="password" name="password" id="password" class="form-control" value="<?php echo (!empty($_SESSION['password']) ? $_SESSION['password'] : '') ?>">
				</div>
				<div class="form-group">
					<label for="confirm_password">Confirm Password:</label>
					<input type="password" name="confirm_password" id="confirm_password" class="form-control" value="<?php echo (!empty($_SESSION['confirm_password']) ? $_SESSION['confirm_password'] : '') ?>">
				</div>
				<button type="submit" name="register" class="btn btn-success"><span class="glyphicon glyphicon-check"></span> Register</button> <a href="index.php">Already a member? Login</a>
			</form>
			<?php
				if(isset($_SESSION['error'])){
				?>
				<div class="alert alert-danger text-center" style="margin-top:20px;">
					<?php echo $_SESSION['error']; ?>
				</div>
				<?php
 
				unset($_SESSION['error']);
			}
 
			?>
 
		</div>
	</div>
</div>
</body>
</html>

Creating our Register Script

Next, we create the script to register our user. In here, we hash the password of the verified user to be inputted into our database. Create a new file, name it as register.php and paste the codes below.

<?php
	session_start();
 
	if(isset($_POST['register'])){
		//set database connection
		$conn = new mysqli('localhost', 'root', '', 'test');
 
		//check if password matches the confirm password
		if($_POST['password'] == $_POST['confirm_password']){
			//check if email exists in the database
			$sql = "SELECT * FROM members WHERE email = '".$_POST['email']."'";
			$query = $conn->query($sql);
			if($query->num_rows > 0){
				$_SESSION['error'] = 'Email already taken';
				//return the inputted fields
				$_SESSION['email'] = $_POST['email'];
				header('location: new_account.php');
			}
			else{
				//hash the password
				$hash_password = password_hash($_POST['password'], PASSWORD_DEFAULT);
				$sql = "INSERT INTO members (email, password) VALUES ('".$_POST['email']."', '$hash_password')";
				if($conn->query($sql)){
					//unset user inputs
					unset($_SESSION['email']);
					unset($_SESSION['password']);
					unset($_SESSION['confirm_password']);
					$_SESSION['success'] = 'Member registered successfully';
					header('location: index.php');
				}
				else{
					$_SESSION['error'] = 'Something went wrong in adding member to database';
					header('location: new_account.php');
				}
			}
		}
		else{
			$_SESSION['error'] = "Passwords did not match";
			//return the inputted fields
			$_SESSION['email'] = $_POST['email'];
			$_SESSION['password'] = $_POST['password'];
			$_SESSION['confirm_password'] = $_POST['confirm_password'];
			header('location: new_account.php');
		}
	}
	else{
		$_SESSION['error'] = "Fill up register form first";
		header('location: new_account.php');
	}
 
?>

Creating our Login Form

Next, we create our login form where we check our registered users/members. Create a new file, name it as index.php and paste the codes below.

<?php
	session_start();
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<title>How to Hash Password using PHP's password_hash()</title>
	<link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
</head>
<body>
<div class="container">
	<h1 class="page-header text-center">Hash Password using PHP</h1>
	<div class="row">
		<div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;">
			<form method="POST" action="login.php">
				<p class="text-center" style="font-size:25px;"><b>Login</b></p>
				<hr>
				<div class="form-group">
					<label for="email">Email:</label>
					<input type="email" name="email" id="email" class="form-control">
				</div>
				<div class="form-group">
					<label for="password">Password:</label>
					<input type="password" name="password" id="password" class="form-control">
				</div>
				<button type="submit" name="login" class="btn btn-primary"><span class="glyphicon glyphicon-log-in"></span> Login</button> <a href="new_account.php">Register a new account</a>
			</form>
			<?php
				if(isset($_SESSION['error'])){
					?>
					<div class="alert alert-danger text-center" style="margin-top:20px;">
						<?php echo $_SESSION['error']; ?>
					</div>
					<?php
 
					unset($_SESSION['error']);
				}
 
 
 
				if(isset($_SESSION['success'])){
					?>
					<div class="alert alert-success text-center" style="margin-top:20px;">
						<?php echo $_SESSION['success']; ?>
					</div>
					<?php
 
					unset($_SESSION['success']);
				}
			?>
		</div>
	</div>
</div>
</body>
</html>

Creating our Login Script

Lastly, we create our login script to check if the user exists in our database. Create a new file, name it as login.php and paste the codes below.

<?php
	session_start();
 
	if(isset($_POST['login'])){
		//connection
		$conn = new mysqli('localhost', 'root', '', 'test');
 
		//get the user with the email
		$sql = "SELECT * FROM members WHERE email = '".$_POST['email']."'";
		$query = $conn->query($sql);
		if($query->num_rows > 0){
			$row = $query->fetch_assoc();
			//verify password
			if(password_verify($_POST['password'], $row['password'])){
				//action after a successful login
				//for now just message a successful login
				$_SESSION['success'] = 'Login successful';
			}
			else{
				$_SESSION['error'] = 'Password incorrect';
			}
		}
		else{
			$_SESSION['error'] = 'No account with that email';
		}
	}
	else{
		$_SESSION['error'] = 'Fill up login form first';
	}
 
	header('location: index.php');
 
?>

That ends this tutorial. Happy Coding :)

Add new comment

599 views