etutorialspoint
  • Home
  • PHP
  • MySQL
  • MongoDB
  • HTML
  • Javascript
  • Node.js
  • Express.js
  • Python
  • Jquery
  • R
  • Kotlin
  • DS
  • Blogs
  • Theory of Computation

PHP7 Password Hashing

In this article, we will learn how to store more secure passwords in database by password hashing.

Web security is an important topic, it attracts both developers who created the application and hackers who try to exploit the system. As the developers are using modern technology to advanced their applications, the attackers are also using advanced hacking technology. This results in a large number of web applications vulnerabilities.

PHP7 cryptography hash functions are considered more secure for digital signature, authentication, password hashing and much more web security. In this article, you will learn modern password hashing using PHP7 Sodium Cryptography Library. For this, we should have enabled Sodium extension. If you do not have this enabled, you can learn from here -
'Install PHP Libsodium in Wampserver'

PHP7 Password Hashing

Hash a password for storage

For password hashing, we have used 'sodium_crypto_pwhash_str()' hashing method, it generates an ASCII encoded hash for password storage.

sodium_crypto_pwhash_str(string $password, int $opslimit , int $memlimit)

Parameters

$password - Password entered by the user at the time of registration.
$opslimit - It represents the maximum amount of computations to perform. PHP provides some constants to set this operation limit. In this article, we are using SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE.
$memlimit - It represents the maximum amount of RAM that the function will use. PHP provides some constants to set this limit. In this article, we are taken SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE to set limit. This below code generates a hash string of 97 bytes.

<?php
$password = 'password';

$hash = sodium_crypto_pwhash_str(
    $password,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
); ?>

Use this generated hash string as a password value in the SQL insert query.



Verify user password

Now, let's know how to verify the user with the correct password at the time of login. For this, the PHP Sodium Crypto Library provides a function sodium_crypto_pwhash_str_verify() that verify a password matches with the stored hash.

sodium_crypto_pwhash_str_verify(string $hash , string $password )

This function accepts two parameters -
$hash - hash generated by sodium_crypto_pwhash_str() or fetched password hash value from the database storage.
$password - password entered by the user at the time of login.

<?php
echo sodium_crypto_pwhash_str_verify($hash, $password) ?
     'Correct password' : 'Error';
?>

This function always returns a Boolean value, i.e., TRUE if the password and hash match or FALSE otherwise.





Related Articles

PHP User Authentication by IP Address
How to encrypt password in PHP
Different datatype comparison in PHP
PHP loop through an associative array
PHP CURL Cookie Jar
PHP remove last character from string
PHP calculate percentage of total
Insert image in database using PHP
PHP set a cookie to store login detail
PHP7 Sodium Encryption Decryption
Recover forgot password using PHP and MySQL
PHP Secure User Registration with Login/logout
PHP user registration & login/ logout with secure password encryption
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server




Most Popular Development Resources
Retrieve Data From Database Without Page refresh Using AJAX, PHP and Javascript
-----------------
PHP Create Word Document from HTML
-----------------
How to get data from XML file in PHP
-----------------
Hypertext Transfer Protocol Overview
-----------------
PHP code to send email using SMTP
-----------------
Characteristics of a Good Computer Program
-----------------
How to encrypt password in PHP
-----------------
Create Dynamic Pie Chart using Google API, PHP and MySQL
-----------------
PHP MySQL PDO Database Connection and CRUD Operations
-----------------
Splitting MySQL Results Into Two Columns Using PHP
-----------------
Dynamically Add/Delete HTML Table Rows Using Javascript
-----------------
How to get current directory, filename and code line number in PHP
-----------------
How to add multiple custom markers on google map
-----------------
Get current visitor\'s location using HTML5 Geolocation API and PHP
-----------------
Fibonacci Series Program in PHP
-----------------
Simple star rating system using PHP, jQuery and Ajax
-----------------
How to Sort Table Data in PHP and MySQL
-----------------
Simple pagination in PHP with MySQL
-----------------
How to generate QR Code in PHP
-----------------
Submit a form data using PHP, AJAX and Javascript
-----------------
PHP MYSQL Advanced Search Feature
-----------------
jQuery loop over JSON result after AJAX Success
-----------------
Recover forgot password using PHP7 and MySQLi
-----------------
PHP Server Side Form Validation
-----------------
jQuery File upload progress bar with file size validation
-----------------
PHP user registration and login/ logout with secure password encryption
-----------------
To check whether a year is a leap year or not in php
-----------------
Simple File Upload Script in PHP
-----------------
Php file based authentication
-----------------
Simple PHP File Cache
-----------------
PHP User Authentication by IP Address
-----------------
Calculate the distance between two locations using PHP
-----------------
PHP Secure User Registration with Login/logout
-----------------
Polling system using PHP, Ajax and MySql
-----------------
How to print specific part of a web page in javascript
-----------------
Detect Mobile Devices in PHP
-----------------
Simple Show Hide Menu Navigation
-----------------
Simple way to send SMTP mail using Node.js
-----------------
SQL Injection Prevention Techniques
-----------------
Get Visitor\'s location and TimeZone
-----------------
Preventing Cross Site Request Forgeries(CSRF) in PHP
-----------------
PHP Sending HTML form data to an Email
-----------------
Google Street View API Example
-----------------
CSS Simple Menu Navigation Bar
-----------------
Date Timestamp Formats in PHP
-----------------
Driving route directions from source to destination using HTML5 and Javascript
-----------------
Convert MySQL to JSON using PHP
-----------------
PHP Programming Error Types
-----------------
Set and Get Cookies in PHP
-----------------
How to add google map on your website and display address on click marker
-----------------
How to select/deselect all checkboxes using Javascript
-----------------
PHP Getting Document of Remote Address
-----------------
How to display PDF file in web page from Database in PHP
-----------------
File Upload Validation in PHP
-----------------
PHP FTP Connection and File Handling
-----------------


Most Popular Blogs
Most in demand programming languages
Best mvc PHP frameworks in 2019
MariaDB vs MySQL
Most in demand NoSQL databases for 2019
Best AI Startups In India
Kotlin : Android App Development Choice
Kotlin vs Java which one is better
Top Android App Development Languages in 2019
Web Robots
Data Science Recruitment of Freshers - 2019





General Knowledge

listen
listen
listen
listen
listen
listen
listen
listen
listen


Learn Popular Language

listen
listen
listen
listen
listen

Blogs

  • Jan 3

    Stateful vs Stateless

    A Stateful application recalls explicit subtleties of a client like profile, inclinations, and client activities...

  • Dec 29

    Best programming language to learn in 2021

    In this article, we have mentioned the analyzed results of the best programming language for 2021...

  • Dec 20

    How is Python best for mobile app development?

    Python has a set of useful Libraries and Packages that minimize the use of code...

  • July 18

    Learn all about Emoji

    In this article, we have mentioned all about emojis. It's invention, world emoji day, emojicode programming language and much more...

  • Jan 10

    Data Science Recruitment of Freshers

    In this article, we have mentioned about the recruitment of data science. Data Science is a buzz for every technician...

Follow us

  • etutorialspoint facebook
  • etutorialspoint twitter
  • etutorialspoint linkedin
etutorialspoint youtube
About Us      Contact Us


  • eTutorialsPoint©Copyright 2016-2022. All Rights Reserved.