This article mainly introduces usage examples of PHP's password_hash(); readers who need it can refer to the following.
Preface

PHP 5.5 provides a number of new features and API functions, one of which is the password hashing API (for creating and verifying password hashes). It contains 4 functions: password_get_info(), password_hash(), password_needs_rehash() and password_verify().

Before PHP 5.5, passwords were mostly protected with MD5 or SHA1 (hopefully nobody stores them in plain text the way CSDN did), such as:

```php
echo md5("123456"); // Output: e10adc3949ba59abbe56e057f20f883e
```

But plain MD5 is easy to crack with a dictionary: any MD5 "decryption" site will return the original password. The password hashing API provided by PHP 5.5 is a good solution to these problems.

Let's take a look at the password_hash() function:

```php
string password_hash ( string $password , integer $algo [, array $options ] )
```

It has three parameters: the password, the hashing algorithm, and options. The first two are required.

Let's use password_hash() to create a password hash:

```php
$pwd = "123456";
$hash = password_hash($pwd, PASSWORD_DEFAULT);
echo $hash;
```

The output of the previous example is similar to $2y$10$4kau4fnguolmrmsshgkeme3dbg5pm3diikfkiaknh.sf1tpbb4uo2, and the hash value changes every time the page is refreshed.

After the hash value is created, we can use password_verify() to check whether a password matches it:

```php
boolean password_verify ( string $password , string $hash )
```

It takes 2 parameters, the password and the hash value, and returns a Boolean value.
Check that the previously generated hash value matches the password:

```php
if (password_verify($pwd, '$2y$10$4kau4fnguolmrmsshgkeme3dbg5pm3diikfkiaknh.sf1tpbb4uO2')) {
    echo "password is correct";
} else {
    echo "password error";
}
```

These 2 functions are basically all you need to create and verify password hashes securely. There are 2 other API functions:

```php
password_get_info()      // View information about the hash value
password_needs_rehash()  // Check whether a hash value was created using a specific algorithm and options
```

Comments

Although the password hash created by password_hash() is more secure, it reduces interoperability. If we use standard MD5 in PHP, the result is easy to verify in other languages, such as Node.js:

```js
var crypto = require('crypto');

var hash = crypto.createHash('md5').update("123456").digest('hex');
if (hash == "e10adc3949ba59abbe56e057f20f883e") console.log('password correct');
```

Hash values created with password_hash() can basically only be verified with PHP's password_verify().

Both approaches have pros and cons. Whether to use MD5 (or SHA1, etc.) + salt (an interference string) or password_hash() depends on the specific circumstances.
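The two functions that the article only lists, password_get_info() and password_needs_rehash(), are most useful together at login time. The following is an added example, not code from the original article: it accepts a stored legacy MD5 value or a password_hash() value, verifies the password, and returns an upgraded hash when the stored one is out of date. The function name verify_and_upgrade, the in-memory $users array and the cost of 12 are assumptions; it requires PHP 7.1 or later.

```php
<?php
// Constructed sample data: alice still has a legacy unsalted MD5 value,
// bob has a bcrypt hash that was created with a low cost.
$users = [
    'alice' => md5('123456'),
    'bob'   => password_hash('s3cret', PASSWORD_BCRYPT, ['cost' => 4]),
];

const TARGET_ALGO    = PASSWORD_BCRYPT;
const TARGET_OPTIONS = ['cost' => 12]; // assumed policy value

// Returns the hash that should now be stored, or null if the password is wrong.
function verify_and_upgrade(string $password, string $stored): ?string
{
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Not a password_hash() value: treat it as legacy MD5.
        // hash_equals() compares the two strings in constant time.
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        return password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    // Correct password: re-hash only if the algorithm or cost is out of date.
    if (password_needs_rehash($stored, TARGET_ALGO, TARGET_OPTIONS)) {
        return password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }
    return $stored;
}

$logins = [['alice', '123456'], ['bob', 's3cret'], ['bob', 'wrong']];
foreach ($logins as [$name, $pw]) {
    $new = verify_and_upgrade($pw, $users[$name]);
    if ($new === null) {
        echo "$name: password error\n";
        continue;
    }
    $state = ($new !== $users[$name]) ? 'upgraded' : 'unchanged';
    $users[$name] = $new; // in a real application, write back to the database
    $cost = password_get_info($new)['options']['cost'];
    echo "$name: password is correct ($state, cost $cost)\n";
}
```

The upgrade can only happen at login, because that is the only moment the plain-text password is available to hash again.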