{"id":2149,"date":"2019-08-17T20:52:51","date_gmt":"2019-08-17T19:52:51","guid":{"rendered":"https:\/\/ibex.tech\/cloud\/?p=2149"},"modified":"2022-02-17T07:13:49","modified_gmt":"2022-02-17T07:13:49","slug":"php-password-hash-function","status":"publish","type":"post","link":"https:\/\/ibex.tech\/cloud\/php\/security\/php-password-hash-function","title":{"rendered":"PHP Password Hash Function"},"content":{"rendered":"\n<p>password_hash() handles salting and algorithm selection for you. It&#8217;s built into PHP, so just use it and don&#8217;t worry about how to hash and salt.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>  $HashedPassword = password_hash($UsersEnteredPassword, PASSWORD_BCRYPT);\n  \/\/\n  \/\/$HashedPassword: the result will always be a 60 character string, or FALSE on failure.  The string incorporates the algorithm used, cost and salt as part of the returned hash.\n  \/\/You store the string in your db (no need to separately store the salt) and then use it to verify passwords later.\n  \/\/Future hashing may return more than 60 characters if the default algorithm moves away from bcrypt, so you should store it in a db column that can take 255 characters\n  \/\/To verify it:\n  if (password_verify($UsersEnteredPassword, $HashedPassword))\n  {\n    \/\/Password is correct\n  }<\/code><\/pre>\n\n\n\n<p>BCRYPT output uses a fixed limited character set and is OK to use directly in SQL strings.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">If you need to force to fixed settings<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>  \/\/Normally password_hash() picks the algorithm, cost and salt for you and stores it within the hash.  
However, if you need fixed settings for some reason you can use it like this\n  \/\/Note: the 'salt' option is deprecated as of PHP 7.0.0 and ignored as of PHP 8.0.0\n  $HashedPassword = password_hash($UsersEnteredPassword, PASSWORD_BCRYPT, ['cost' => 10, 'salt' => ':bKRL@`8Ax]k7G7DM^6g&amp;efeU52H\/-p']);\n  if ($HashedPassword === false)\n    return;<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>password_hash() handles salting and algorithm selection for you. It&#8217;s built into PHP, so just use it and don&#8217;t worry about how to hash and salt. BCRYPT output uses a fixed limited character set and is OK to use directly in SQL strings. If you need to force to fixed settings<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-2149","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/2149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/comments?post=2149"}],"version-history":[{"count":3,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/2149\/revisions"}],"predecessor-version":[{"id":2212,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/posts\/2149\/revisions\/2212"}],"wp:attachment":[{"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/media?parent=2149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/categories?post=2149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ibex.tech\/cloud\/wp-json\/wp\/v2\/tags?post=2149"}],"curies":[{"name":"wp","href":"https:\/\/ap
i.w.org\/{rel}","templated":true}]}}