Pruned889
Custom Script Developer
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
In this tutorial, you will how to use the Different built-in functions of PHP for encrypting or hashing passwords. The tutorial aims to provide a reference for students or self-learners that are learning and planning to develop an application using PHP Language. The tutorial can help you to secure your application's user password. Here, snippets and a sample login and registration source code that demonstrates the password hashing or encryption are provided and free to download.
What is Hashing?
Hashing is a way or process that converts or transforms any given string or key into an encrypted value. In programming, it generates a new value according to the mathematical algorithm that is available to programming languages. This process is commonly used for encrypting passwords.
What are the Different built-in functions in PHP for hashing?
PHP comes with multiple functions and some of them are used for hashing keys or values. The below functions are the most common and used for hashing a string.
Sample Hash Generation
What is the Best Function to Encrypt Passwords in PHP?
Encrypting the passwords of your site users is the best practice and feature that must implement for a certain site or web application. It is one of the ways for securing your site data from malicious hackers.
The best hashing function for securing your users' passwords is the password_hash(). Although MD5 and SHA1 functions can be also used for hashing passwords, these functions are too weak, simple, and not-salted hashes that are vulnerable to rainbow tables and dictionary attacks. Furthermore, requiring your users to provide a password such as a password that contains an alphanumeric with valid symbols and characters will result in a strong password and complicated for hackers to decrypt.
Example
Here are some scripts of an example web application that demonstrate the usage of the password_hash() function of PHP. The application is a simple login and registration system for a certain site.
Database Schema
Database Name: sample_login
Registration
The below script contains the HTML code for the registration form page interface and PHP codes for hashing the password and inserting the user details into the database.
register.php
Output
Login
The script below contains the HTML code of the login form page interface and PHP codes for checking or validating the entered user credentials.
login.php
Output
DEMO VIDEO
That's it! I have provided also the source code zip that I created for this tutorial on this site and is free to download. Feel free to download it by clicking the download button located below this tutorial's content.
That's the end of this tutorial. I hope this Password Hashing in PHP tutorial will help you with what you are looking for and will be useful for your current and future PHP Projects.
Explore more on this website for more Tutorials and Free Source Codes.
Happy Coding =)
Download
What is Hashing?
Hashing is a way or process that converts or transforms any given string or key into an encrypted value. In programming, it generates a new value according to the mathematical algorithm that is available to programming languages. This process is commonly used for encrypting passwords.
What are the Different built-in functions in PHP for hashing?
PHP comes with multiple functions and some of them are used for hashing keys or values. The below functions are the most common and used for hashing a string.
- md5() - a hashing function of PHP that calculate the md5 hash of the given string.
- sha1() - a hashing function of PHP that calculate the sha1 hash of the given string.
- hash() - a hashing function of PHP that generates a hash value of the given string or key. This function can generate hash values using multiple algorithms such as md5, sha256, etc.
- password_hash() - a hashing function for generating the password hash value. This function generates a strong one-way hashing algorithm and also supports multiple other algorithms.
Sample Hash Generation
What is the Best Function to Encrypt Passwords in PHP?
Encrypting the passwords of your site users is the best practice and feature that must implement for a certain site or web application. It is one of the ways for securing your site data from malicious hackers.
The best hashing function for securing your users' passwords is the password_hash(). Although MD5 and SHA1 functions can be also used for hashing passwords, these functions are too weak, simple, and not-salted hashes that are vulnerable to rainbow tables and dictionary attacks. Furthermore, requiring your users to provide a password such as a password that contains an alphanumeric with valid symbols and characters will result in a strong password and complicated for hackers to decrypt.
Example
Here are some scripts of an example web application that demonstrate the usage of the password_hash() function of PHP. The application is a simple login and registration system for a certain site.
Database Schema
Database Name: sample_login
- CREATE
TABLE
`users`
(
- `id`
int
(
30
)
NOT
NULL
PRIMARY KEY
AUTO_INCREMENT
,
- `name`
text
NOT
NULL
,
- `email`
text
NOT
NULL
,
- `password`
text
NOT
NULL
- )
ENGINE
=
InnoDB
DEFAULT
CHARSET
=
utf8mb4;
Registration
The below script contains the HTML code for the registration form page interface and PHP codes for hashing the password and inserting the user details into the database.
register.php
- <?php
- if(
$_SERVER[
'REQUEST_METHOD'
]
==
'POST'
)
{
- include_once(
"db-connect.php"
)
;
- extract(
$_POST)
;
- $password =
password_hash(
$password, PASSWORD_DEFAULT)
;
- $check_duplicate =
$conn->
query("SELECT id FROM `users` where `email` = '{$email}'")->num_rows;
- if($check_duplicate < 1
)
{
- $sql =
"INSERT INTO `users` (`name`, `email`, `password`) VALUES ('{$name}', '{$email}', '{$password}')"
;
- $insert =
$conn->
query($sql);
- if($insert){
- echo "<script
>
alert('Account has been created successfully.'); location.replace('login.php');</
script
>
";
- exit;
- }else{
- echo "<script
>
alert('Registration Failed!.');</
script
>
";
- }
- }else{
- echo "<script
>
alert('Registration Failed! Email already exists.');</
script
>
";
- }
- }
- ?>
- <!DOCTYPE html>
- <html
lang
=
"en"
>
- <head
>
- <meta
charset
=
"UTF-8"
>
- <meta
http-equiv
=
"X-UA-Compatible"
content
=
"IE=edge"
>
- <meta
name
=
"viewport"
content
=
"width=device-width, initial-scale=1.0"
>
- <title
>
PHP - Password Hashing</
title
>
- <link
rel
=
"stylesheet"
href
=
"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css"
integrity=
"sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A=="
crossorigin=
"anonymous"
referrerpolicy=
"no-referrer"
/
>
- <link
rel
=
"stylesheet"
href
=
"https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"
>
- <link
rel
=
"stylesheet"
href
=
"assets/css/styles.css"
>
- <script
src
=
"https://code.jquery.com/jquery-3.6.1.js"
integrity=
"sha256-3zlB5s2uwoUzrXK3BT7AX3FyvojsraNFxCc2vC/7pNI="
crossorigin=
"anonymous"
></
script
>
- <script
src
=
"https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
></
script
>
- <script
src
=
"assets/js/script.js"
></
script
>
- </
head
>
- <body
>
- <script
>
- start_loader()
- </
script
>
- <main>
- <nav
class
=
"navbar navbar-expand-lg navbar-dark bg-gradient"
>
- <div
class
=
"container"
>
- <a
class
=
"navbar-brand"
href
=
"./"
>
PHP - Password Hashing</
a
>
- <button
class
=
"navbar-toggler"
type
=
"button"
data-bs-toggle=
"collapse"
data-bs-target
=
"#navbarNav"
aria-controls=
"navbarNav"
aria-expanded=
"false"
aria-label
=
"Toggle navigation"
>
- <span
class
=
"navbar-toggler-icon"
></
span
>
- </
button
>
- <div
class
=
"collapse navbar-collapse"
id
=
"navbarNav"
>
- <ul
class
=
"navbar-nav"
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link"
href
=
"./"
>
Home</
a
>
- </
li
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link"
href
=
"login.php"
>
Login</
a
>
- </
li
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link active"
aria-current=
"page"
href
=
"register.php"
>
Registration</
a
>
- </
li
>
- </
ul
>
- </
div
>
- <a
href
=
"https://sourcecodester.com"
class
=
"text-light fw-bolder h6 text-decoration-none"
target
=
"_blank"
>
SourceCodester</
a
>
- </
div
>
- </
nav
>
- <div
id
=
"main-wrapper"
>
- <div
class
=
"container-md px-5 my-3"
>
- <div
class
=
"col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto"
>
- <div
class
=
"card rounded-0 shadow"
>
- <div
class
=
"card-header rounded-0"
>
- <div
class
=
"card-title"
><b
>
Registration</
b
></
div
>
- </
div
>
- <div
class
=
"card-body rounded-0"
>
- <div
class
=
"container-fluid"
>
- <form
action
=
""
id
=
"register"
method
=
"POST"
>
- <div
class
=
"mb-3"
>
- <label
for
=
"name"
class
=
"form-label fw-light"
>
Name</
label
>
- <input
type
=
"text"
class
=
"form-control rounded-0"
name
=
"name"
id
=
"name"
value
=
"<?= $_POST['name'] ?? "
" ?>
" required>
- </
div
>
- <div
class
=
"mb-3"
>
- <label
for
=
"email"
class
=
"form-label fw-light"
>
Email</
label
>
- <input
type
=
"text"
class
=
"form-control rounded-0"
name
=
"email"
id
=
"email"
value
=
"<?= $_POST['email'] ?? "
" ?>
" required>
- </
div
>
- <div
class
=
"mb-3"
>
- <label
for
=
"password"
class
=
"form-label fw-light"
>
Password</
label
>
- <input
type
=
"password"
class
=
"form-control rounded-0"
name
=
"password"
id
=
"password"
value
=
""
required>
- </
div
>
- <div
class
=
"mb-3 text-center"
>
- <div
class
=
"col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto"
>
- <button
class
=
"btn btn-primary rounded-pill"
>
Register</
button
>
- </
div
>
- </
div
>
- </
form
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- <footer
class
=
"shadow-top py-4 col-auto"
>
- <div
class
=
""
>
- <div
class
=
"text-center"
>
- All Rights Reserved ©
<span
id
=
"dt-year"
></
span
>
| <span
class
=
"text-muted"
>
PHP - Password Hashing</
span
>
- </
div
>
- <div
class
=
"text-center"
>
- <a
href
=
"mailto:[email protected]"
class
=
"text-decoration-none text-body-secondary"
>
[email protected]</
a
>
- </
div
>
- </
div
>
- </
footer
>
- </
main>
- </
body
>
- </
html
>
Output
Login
The script below contains the HTML code of the login form page interface and PHP codes for checking or validating the entered user credentials.
login.php
- <?php
- if(
$_SERVER[
'REQUEST_METHOD'
]
==
'POST'
)
{
- include_once(
"db-connect.php"
)
;
- extract(
$_POST)
;
- $sql =
"SELECT * FROM `users` where `email` = '{$email}'"
;
- $get =
$conn->
query($sql);
- if($get->num_rows > 0){
- $data = $get->fetch_assoc();
- $is_verify = password_verify($password, $data['password']);
- if($is_verify){
- echo "<script
>
alert('Welcome {$data['name']}!'); location.replace('index.php');</
script
>
";
- }else{
- echo "<script
>
alert('Login Failed!.');</
script
>
";
- }
- }
- }
- ?>
- <!DOCTYPE html>
- <html
lang
=
"en"
>
- <head
>
- <meta
charset
=
"UTF-8"
>
- <meta
http-equiv
=
"X-UA-Compatible"
content
=
"IE=edge"
>
- <meta
name
=
"viewport"
content
=
"width=device-width, initial-scale=1.0"
>
- <title
>
PHP - Password Hashing</
title
>
- <link
rel
=
"stylesheet"
href
=
"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css"
integrity=
"sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A=="
crossorigin=
"anonymous"
referrerpolicy=
"no-referrer"
/
>
- <link
rel
=
"stylesheet"
href
=
"https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"
>
- <link
rel
=
"stylesheet"
href
=
"assets/css/styles.css"
>
- <script
src
=
"https://code.jquery.com/jquery-3.6.1.js"
integrity=
"sha256-3zlB5s2uwoUzrXK3BT7AX3FyvojsraNFxCc2vC/7pNI="
crossorigin=
"anonymous"
></
script
>
- <script
src
=
"https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
></
script
>
- <script
src
=
"assets/js/script.js"
></
script
>
- </
head
>
- <body
>
- <script
>
- start_loader()
- </
script
>
- <main>
- <nav
class
=
"navbar navbar-expand-lg navbar-dark bg-gradient"
>
- <div
class
=
"container"
>
- <a
class
=
"navbar-brand"
href
=
"./"
>
PHP - Password Hashing</
a
>
- <button
class
=
"navbar-toggler"
type
=
"button"
data-bs-toggle=
"collapse"
data-bs-target
=
"#navbarNav"
aria-controls=
"navbarNav"
aria-expanded=
"false"
aria-label
=
"Toggle navigation"
>
- <span
class
=
"navbar-toggler-icon"
></
span
>
- </
button
>
- <div
class
=
"collapse navbar-collapse"
id
=
"navbarNav"
>
- <ul
class
=
"navbar-nav"
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link"
href
=
"./"
>
Home</
a
>
- </
li
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link active"
aria-current=
"page"
href
=
"login.php"
>
Login</
a
>
- </
li
>
- <li
class
=
"nav-item"
>
- <a
class
=
"nav-link"
href
=
"register.php"
>
Registration</
a
>
- </
li
>
- </
ul
>
- </
div
>
- <a
href
=
"https://sourcecodester.com"
class
=
"text-light fw-bolder h6 text-decoration-none"
target
=
"_blank"
>
SourceCodester</
a
>
- </
div
>
- </
nav
>
- <div
id
=
"main-wrapper"
>
- <div
class
=
"container-md px-5 my-3"
>
- <div
class
=
"col-lg-7 col-md-8 col-sm-10 col-xs-12 mx-auto"
>
- <div
class
=
"card rounded-0 shadow"
>
- <div
class
=
"card-header rounded-0"
>
- <div
class
=
"card-title"
><b
>
Login</
b
></
div
>
- </
div
>
- <div
class
=
"card-body rounded-0"
>
- <div
class
=
"container-fluid"
>
- <form
action
=
""
id
=
"register"
method
=
"POST"
>
- <div
class
=
"mb-3"
>
- <label
for
=
"email"
class
=
"form-label fw-light"
>
Email</
label
>
- <input
type
=
"text"
class
=
"form-control rounded-0"
name
=
"email"
id
=
"email"
value
=
"<?= $_POST['email'] ?? "
" ?>
" required>
- </
div
>
- <div
class
=
"mb-3"
>
- <label
for
=
"password"
class
=
"form-label fw-light"
>
Password</
label
>
- <input
type
=
"password"
class
=
"form-control rounded-0"
name
=
"password"
id
=
"password"
value
=
""
required>
- </
div
>
- <div
class
=
"mb-3 text-center"
>
- <div
class
=
"col-lg-4 col-md-6 col-sm-10 col-sm-12 mx-auto"
>
- <button
class
=
"btn btn-primary rounded-pill"
>
Login</
button
>
- </
div
>
- </
div
>
- </
form
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- </
div
>
- <footer
class
=
"shadow-top py-4 col-auto"
>
- <div
class
=
""
>
- <div
class
=
"text-center"
>
- All Rights Reserved ©
<span
id
=
"dt-year"
></
span
>
| <span
class
=
"text-muted"
>
PHP - Password Hashing</
span
>
- </
div
>
- <div
class
=
"text-center"
>
- <a
href
=
"mailto:[email protected]"
class
=
"text-decoration-none text-body-secondary"
>
[email protected]</
a
>
- </
div
>
- </
div
>
- </
footer
>
- </
main>
- </
body
>
- </
html
>
Output
DEMO VIDEO
That's it! I have provided also the source code zip that I created for this tutorial on this site and is free to download. Feel free to download it by clicking the download button located below this tutorial's content.
That's the end of this tutorial. I hope this Password Hashing in PHP tutorial will help you with what you are looking for and will be useful for your current and future PHP Projects.
Explore more on this website for more Tutorials and Free Source Codes.
Happy Coding =)
Download
You must upgrade your account or reply in the thread to view hidden text.