etutorialspoint
  • Home
  • Interview
  • PHP
  • MySQL
  • MongoDB
  • HTML
  • Javascript
  • Node.js
  • Express.js
  • Python
  • Jquery
  • R
  • Kotlin
  • Exercises
  • Blogs

PHP7 Password Hashing

In this article, we will learn how to store more secure password in database by password hashing.

Web security is an important topic, it attracts both developers who created the application and hackers who try to exploit the system. As the developers are using modern technology to advanced their applications, the attackers are also using advanced hacking technology. This results in a large number of web applications vulnerabilities.

PHP7 cryptography hash functions are considered more secure for digital signature, authentication, password hashing and much more web security. In this article, you will learn modern password hashing using PHP7 Sodium Cryptography Library. For this, we should have enabled Sodium extension. If you do not have this enabled, you can learn from here -
'Install PHP Libsodium in Wampserver'

PHP7 Password Hashing

Hash a password for storage

For password hashing, we have used 'sodium_crypto_pwhash_str()' hashing method, it generates an ASCII encoded hash for password storage.

sodium_crypto_pwhash_str(string $password, int $opslimit , int $memlimit)

Parameters

$password - Password entered by the user at the time of registration.
$opslimit - It represents the maximum amount of computations to perform. PHP provides some constants to set this operation limit. In this article, we are using SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE.
$memlimit - It represents the maximum amount of RAM that the function will use. PHP provides some constants to set this limit. In this article, we are taken SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE to set limit. This below code generates a hash string of 97 bytes.

<?php
$password = 'password';

$hash = sodium_crypto_pwhash_str(
    $password,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
); ?>

Use this generated hash string as a password value in the SQL insert query.

Verify user password

Now, let's know how to verify the user with the correct password at the time of login. For this, the PHP Sodium Crypto Library provides a function sodium_crypto_pwhash_str_verify() that verify a password matches with the stored hash.

sodium_crypto_pwhash_str_verify(string $hash , string $password )

This function accepts two parameters -
$hash - hash generated by sodium_crypto_pwhash_str() or fetched password hash value from the database storage.
$password - password entered by the user at the time of login.

<?php
echo sodium_crypto_pwhash_str_verify($hash, $password) ?
     'Correct password' : 'Error';
?>

This function always returns a Boolean value, i.e., TRUE if the password and hash match, or FALSE otherwise.


Related Articles

PHP7 Sodium Encryption Decryption
Recover forgot password using PHP and MySQL
PHP Secure User Registration with Login/logout
PHP user registration & login/ logout with secure password encryption

◀ Previous Article
PHP7.3 New Features, Functions and Deprecated Functions
Next Article ▶
PHP7 Sodium Encryption Decryption
Most Popular Development Resources
Retrieve Data From Database Without Page refresh Using AJAX, PHP and Javascript
-----------------
Characteristics of a Good Computer Program
-----------------
Get current visitor\'s location using HTML5 Geolocation API and PHP
-----------------
Simple star rating system using PHP, jQuery and Ajax
-----------------
Dynamically Add/Delete HTML Table Rows Using Javascript
-----------------
PHP MYSQL Advanced Search Feature
-----------------
How to Sort Table Data in PHP and MySQL
-----------------
Submit a form data using PHP, AJAX and Javascript
-----------------
jQuery loop over JSON result after AJAX Success
-----------------
Simple pagination in PHP
-----------------
PHP user registration and login/ logout with secure password encryption
-----------------
Polling system using PHP, Ajax and MySql
-----------------
jQuery File upload progress bar with file size validation
-----------------
Fibonacci Series Program in PHP
-----------------
PHP Secure User Registration with Login/logout
-----------------
Create pie chart using Google API, PHP and MySQL
-----------------
SQL Injection Prevention Techniques
-----------------
PDO MySQL Connection in PHP
-----------------
Create And Download Word Document in PHP
-----------------
Recover forgot password using PHP7 and MySQLi
-----------------
How to add multiple custom markers on google map
-----------------
Hypertext Transfer Protocol Overview
-----------------
Php file based authentication
-----------------
Set and Get Cookies in PHP
-----------------
Convert MySQL to JSON using PHP
-----------------
PHP code to send email using SMTP
-----------------
Detect Mobile Devices in PHP
-----------------
Date Timestamp Formats in PHP
-----------------
Simple PHP File Cache
-----------------
Get Visitor\'s location and TimeZone
-----------------
Simple File Upload Script in PHP
-----------------
PHP Server Side Form Validation
-----------------
Simple Show Hide Menu Navigation
-----------------
To check whether a year is a leap year or not in php
-----------------
Calculate the distance between two locations using PHP
-----------------
How to generate QR Code in PHP
-----------------
How to get current directory, filename and code line number in PHP
-----------------
Simple XML Manipulation In PHP
-----------------
Sending form data to an Email using PHP
-----------------
PHP User Authentication by IP Address
-----------------
Simple way to send SMTP mail using Node.js
-----------------
Divide Large Data Into Two Columns Using PHP
-----------------
PHP Programming Error Types
-----------------
Preventing Cross Site Request Forgeries(CSRF) in PHP
-----------------
Driving route directions from source to destination using HTML5 and Javascript
-----------------
CSS Simple Menu Navigation Bar
-----------------
How to use google map street view api on webpage
-----------------
How to select/deselect all checkboxes using Javascript
-----------------
How to encrypt password in PHP
-----------------
How to add google map on your website and display address on click marker
-----------------
Print different sections of a web page using javascript
-----------------
Getting Document of Remote Address
-----------------
File Upload Validation in PHP
-----------------
PHP Connection and File Handling on FTP Server
-----------------
R Plot Types
-----------------


Most Popular Blogs
Most in demand programming languages
Best mvc PHP frameworks in 2019
MariaDB vs MySQL
Most in demand NoSQL databases for 2019
Best AI Startups In India
Kotlin : Android App Development Choice
Kotlin vs Java which one is better
Top Android App Development Languages in 2019
Web Robots
Data Science Recruitment of Freshers - 2019


Blogs

  • Jan 27

    Best AI Startups In India

    Artificial Intelligence is a process of making an intelligent computer machine that does tasks intelligently...

  • Jan 23

    Most in demand programming languages for 2019

    In this article, we have mentioned the analyzed results of the most in demand programming language for 2019...

  • Jan 15

    Web Robots

    Web robots is an internet robot or simply crawlers, or spiders and do not relate this with hardware robots...

  • Jan 12

    Most in demand NoSQL databases software for 2019

    In this article, we have mentioned the analyzed result of most in demand NoSQL database softwares for 2019...

  • Jan 10

    Kotlin : Android App Development Choice

    Kotlin is a general-purpose open-source programming language. It runs on the JVM and its syntax is much like Java...

Follow us

  • etutorialspoint facebook
  • etutorialspoint twitter
  • etutorialspoint linkedin
etutorialspoint youtube
About Us      Contact Us


  • eTutorialsPoint©Copyright 2019. All Rights Reserved.