Create your own encrypted password using php
If you are developing a password-protected web site, you have to make a decision about how to store user password information securely. You can use predefine password encryption method.
Unsuitable for passwords for your Application
Why are common hashing functions such as md5 and sha1() unsuitable password for your application, because of now a modern computer can “reverse” these hashing algorithms, many security professionals strongly suggest against their use for password hashing. You can create your own password encryption using
password_hash() see example bellow :
* Note that the salt here is randomly generated. Never use a static salt or one that is not randomly generated.
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";
Above example will output the password which is similar to :
password_hash() is used to hash given string using strongest algorithm currently available to stored password in database. See the bellow example how to stored password using
// storing password hash
$query = sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
$result = pg_query($connection, $query);
// querying if user submitted the right password
$query = sprintf("SELECT pwd FROM users WHERE name='%s';",
$row = pg_fetch_assoc(pg_query($connection, $query));
if ($row && password_verify($password, $row['pwd']))
echo 'Welcome, ' . htmlspecialchars($username) . '!';
echo 'Authentication failed for ' . htmlspecialchars($username) . '.';
Share your love to share this post with your friends and join us on Facebook to be the first to learn the next great thing from freewebmentor.
If you like FreeWebMentor and you would like to contribute, you can write an article and mail your article to [email protected] Your article will appear on the FreeWebMentor main page and help other developers.