
How To Secure Password Using Bcrypt in PHP

If you are worried about hackers attacking your website, check this post to make your website passwords more secure.

Uploaded by

Aman Mehra

Aman Mehra, April 26, 2021


In this tutorial, I will show you how to secure passwords using bcrypt in PHP.
The tutorial goes point by point so that developers of every level can follow
it easily. I will explain every point related to this topic, so please read
till the end.

Everyone knows that a plain text password stored in the database is not
secure and that attackers can easily crack it. So do not store passwords as
plain text.

Why You Should Not Use Plain Text Password?

You should never store a password as simple plain text in the database. It is
very risky and you can lose your data, because a plain text password is very
easy for attackers to crack.

If you enter a password like “password123” and store it in the database
exactly as it is, you will be in trouble: attackers can harm all your data or
delete it. So always use alphanumeric and special characters in the password,
and then hash the password using the inbuilt function password_hash() in PHP.

password_hash() is an inbuilt function that uses a strong algorithm to make
the password secure. We will see how below with an example.

What Does It Mean to Encrypt and Decrypt a Password?

We all say "encrypt the password" or "decrypt the password", but actually
there is no algorithm to decrypt the password. We can only encrypt (hash) the
password, adding a salt to make it secure, using inbuilt functions like
password_hash(), md5(), and sha1(). But I would suggest you use the
password_hash() function, because md5() and sha1() are fast hashes that add no
salt on their own. password_hash() is very secure, and it is available in
PHP 5.5 or above.

Are you wondering how you can know whether a user entered the correct
password? It is very simple once you understand how the password_hash()
algorithm works.
When the user enters the password, we don’t check whether this plain text
matches the password stored in the database. Actually, we compare two password
hashes. First we hash the password the user entered, using the same salt and
cost that are recorded inside the stored hash, and then we compare the result
with the hash stored in the database. If the two hashes match, the password
the user entered is correct.

Bcrypt in PHP Using password_hash()

As I said above, password_hash() is an inbuilt function in PHP 5.5 or above.
It uses a very strong algorithm to create a new password hash, and it is very
tough for attackers to crack a password hashed with this algorithm. It is a
one-way algorithm, which means you cannot get the original text back after
hashing with this function. You have to use the password_verify() function for
the comparison that checks whether the user has entered the wrong password or
not.
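
The following added example (not code from the original post) shows why two password_hash() results for the same password cannot simply be compared as strings, and how password_verify() and password_needs_rehash() are used instead. The check_login() helper, the user name and the in-memory user list are hypothetical stand-ins for a real users table.

```php
<?php
// Added example, not from the original post. The password and the
// in-memory user list are constructed sample data.
$password = 'yourblogcoach@123';

// Hashing the same password twice gives two different strings, because
// password_hash() picks a new random salt on every call.
$stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$again  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
echo "same string twice? ", var_export($stored === $again, true), PHP_EOL;

// Algorithm, cost and salt are embedded in the stored string, which is
// what lets password_verify() recompute the hash for a login attempt.
$info = password_get_info($stored);
echo $info['algoName'], " cost=", $info['options']['cost'], PHP_EOL;

// Hypothetical login helper: verifies the attempt and, on success,
// re-hashes with the currently wanted cost if the stored hash is older.
function check_login(array &$users, string $name, string $attempt, int $cost): bool
{
    if (!isset($users[$name]) || !password_verify($attempt, $users[$name])) {
        return false;
    }
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, ['cost' => $cost])) {
        $users[$name] = password_hash($attempt, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return true;
}

$users = ['alice' => $stored];   // constructed stand-in for the users table

echo "wrong password accepted? ",
    var_export(check_login($users, 'alice', 'password123', 12), true), PHP_EOL;
echo "right password accepted? ",
    var_export(check_login($users, 'alice', $password, 12), true), PHP_EOL;
echo "cost after login: ",
    password_get_info($users['alice'])['options']['cost'], PHP_EOL;
```

Re-hashing is only possible at login time, because that is the only moment the plain text password is available to the application.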

The password_hash() function is compatible with the crypt() function, which
means that password hashes created by crypt() can be used with
password_hash() for comparison.

Syntax

password_hash ( string $password , mixed $algorithm , array $options )

In this function, each parameter has a different role:

$password: Holds the user's password.
$algorithm: The name of the password algorithm that we want to use.
$options: An associative array of options, such as the salt. If we leave it
blank, password_hash() uses a random salt to make a secure password
(supplying your own salt is deprecated as of PHP 7.0).

The following algorithms are currently supported:

1. PASSWORD_DEFAULT
2. PASSWORD_BCRYPT
3. PASSWORD_ARGON2I
4. PASSWORD_ARGON2ID

You can read more about these algorithms here.

Let’s see an example of each algorithm:

PASSWORD_DEFAULT

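<?php
// PASSWORD_DEFAULT currently selects bcrypt
echo password_hash("yourblogcoach@123", PASSWORD_DEFAULT);

// The output differs on every run because the salt is random
//OUTPUT: $2y$10$4L9C4Cr5izA6e4Bc40JjXOmGkp3TBHwJkV...
?>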

PASSWORD_BCRYPT

<?php
// A higher cost makes every hash (and every guess) slower to compute
$options = [
    'cost' => 16,
];

echo password_hash("yourblogcoach@123", PASSWORD_BCRYPT, $options);

//OUTPUT: $2y$16$yuRHH6hWO.WsoKlD/hfP3.ZCdZpyp2b.KV...
?>

PASSWORD_ARGON2I

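<?php
// Argon2 does not use 'cost'; it is tuned with memory_cost (KiB),
// time_cost (iterations) and threads. These values match the output below.
$options = [
    'memory_cost' => 65536,
    'time_cost'   => 4,
    'threads'     => 1,
];

echo password_hash("yourblogcoach@123", PASSWORD_ARGON2I, $options);

//OUTPUT: $argon2i$v=19$m=65536,t=4,p=1$a0p1b3VxZXN...
?>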

PASSWORD_ARGON2ID

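<?php
// Argon2id takes the same options as Argon2i ('cost' is not used)
$options = [
    'memory_cost' => 65536,
    'time_cost'   => 4,
    'threads'     => 1,
];

echo password_hash("yourblogcoach@123", PASSWORD_ARGON2ID, $options);

//OUTPUT: $argon2id$v=19$m=65536,t=4,p=1$c0g5RkVVZ1...
?>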

So these are the examples of each algorithm. Check them carefully and see the
difference between them.

Note: The PASSWORD_ARGON2I and PASSWORD_ARGON2ID algorithms will only work if
PHP has been compiled with Argon2 support.
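
The PASSWORD_BCRYPT example above uses a cost of 16, and the right value depends on how fast the server is. The following added example (not code from the original post) measures it; the pick_bcrypt_cost() helper, the 0.25 second budget and the 10 to 16 range are assumptions made for illustration.

```php
<?php
// Added example, not from the original post: find the highest bcrypt
// cost that still hashes within a time budget on this server.
// The 0.25 second budget and the 10..16 range are assumptions.
function pick_bcrypt_cost(float $budget, int $min = 10, int $max = 16): int
{
    $chosen = $min;
    for ($cost = $min; $cost <= $max; $cost++) {
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, ['cost' => $cost]);
        $elapsed = microtime(true) - $start;
        printf("cost %2d: %.3f s%s", $cost, $elapsed, PHP_EOL);

        if ($elapsed > $budget) {
            break;   // each step up roughly doubles the work, so stop here
        }
        $chosen = $cost;
    }
    return $chosen;
}

$cost = pick_bcrypt_cost(0.25);
echo "chosen cost: $cost", PHP_EOL;

// Store with the measured cost; verification reads the cost back from
// the hash itself, so hashes made with other costs keep working.
$hash = password_hash('yourblogcoach@123', PASSWORD_BCRYPT, ['cost' => $cost]);
echo password_verify('yourblogcoach@123', $hash) ? "verified" : "rejected", PHP_EOL;
```

Run it on the production hardware, since the timing is what a login request will pay on every password check.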

How to Verify Users Password

OK. So you have saved the password hash in the database using the above
function with bcrypt in PHP, and now you want to confirm whether the user
entered the correct password or a wrong one. For this we need to use the
password_verify() function. It compares the password the user entered with the
password hash stored in the database. If they match, the password is correct
and you can run your specific success logic at this step in the code.

Let’s see the example below:

<?php
$servername = "localhost";
$uname = "root";
$pass = "";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $uname, $pass, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Input values
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Look up the user with a prepared statement, so the submitted
// username is passed as data and cannot change the query
$stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
if (!$stmt) {
    die("Query failed");
}
$stmt->bind_param("s", $username);
$stmt->execute();
$user_result = $stmt->get_result();

$db_password = '';
if ($user_result !== false) {
    while ($row = $user_result->fetch_assoc()) {
        $db_password = $row["password"];
    }

    // Compare the password attempt with the stored password hash
    $validPassword = password_verify($password, $db_password);
    if ($validPassword) {
        // your code here on success
    }
}

$stmt->close();
$conn->close();
What did I do in the above code?
Firstly, I made a connection to my host server. Then I fetched from the
database the row that belongs to this user, the one matching the username
condition. Finally, we have both values: the password the user entered and
the stored password. So we compare these two with the password_verify()
function to check whether the password is correct or not. It is very simple;
check it line by line.

So, that’s it.

I hope you understand how to secure passwords using bcrypt in PHP. If you
still have any questions, let me know and I will help you with that.

READ MORE ARTICLE


How to Prevent SQL Injection in PHP to save your data from the attackers.

BCRYPT CRACK PASSWORD HASH PASSWORD PHP SECURE PASSWORD

Tweet on Twitter Share on Facebook

YOU MAY ALSO LIKE

How to Make a DataTable in How to Inline Style in ReactJS?


ReactJS?

How to Install WordPress Theme How to Install WordPress –


(2021 Edition)? Beginners Guide?

How to Add jQuery Script to How to Add Text after OR before Cart
WordPress? Button in WooCommerce?

ABOUT THE AUTHOR: AMAN MEHRA


Hey! I'm Aman Mehra and I'm a full-stack developer and have 5+
years of experience. I love coding and find solutions to bugs.

© 2020 Your Blog Coach
