Create your own encrypted password using php
If you are developing a password-protected web site, you have to make a decision about how to store user password information securely. You can use predefine password encryption method.
Unsuitable for passwords for your Application
Why are common hashing functions such as md5 and sha1() unsuitable password for your application, because of now a modern computer can “reverse” these hashing algorithms, many security professionals strongly suggest against their use for password hashing. You can create your own password encryption using
password_hash() see example bellow :
* Note that the salt here is randomly generated. Never use a static salt or one that is not randomly generated.
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";
Above example will output the password which is similar to :
password_hash() is used to hash given string using strongest algorithm currently available to stored password in database. See the bellow example how to stored password using
// storing password hash
$query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
$result = pg_query($connection, $query);
// querying if user submitted the right password
$query = sprintf("SELECT pwd FROM users WHERE name='%s';",
$row = pg_fetch_assoc(pg_query($connection, $query));
if ($row && password_verify($password, $row['pwd']))
echo 'Welcome, ' . htmlspecialchars($username) . '!';
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
Share your love to share this post with your friends and join us on Facebook to be the first to learn the next great thing from freewebmentor.
Prem Tiwari is the founder of FreeWebMentor.com and also a professional developer who has vast experience in PHP and open source technologies. Apart from this, he is a blogger by hobby and also he has been a regular speaker of WordPress sessions in various IT Companies. View all posts by Prem Tiwari