Password Security in PHP: Password Hashing in Detail

Source: Internet
Author: User
Tags: rehash
This article introduces password security in PHP through the password hashing functions. It is offered as a reference for interested readers, and I hope it is helpful.

If you are still hashing passwords with MD5, it is recommended that you look at the password hashing and verification methods below.

Let's look at a simple password hashing example:

<?php
// require 'password.php';

/**
 * The correct password is secret-password.
 * $passwordHash is the hash that is stored.
 * password_verify() compares the password entered by the user with the
 * hash stored in the database. It returns true on success, otherwise false.
 */
$passwordHash = password_hash('secret-password', PASSWORD_DEFAULT);
echo $passwordHash;

if (password_verify('bad-password', $passwordHash)) {
    // Correct password
    echo 'Correct password';
} else {
    // Wrong password
    echo 'Wrong password';
}

The code below provides a complete mock User class that handles the user's password securely with password hashing and can adapt as security requirements change in the future.

<?php
class User
{
    // Store password options so that rehash & hash can share them:
    const HASH = PASSWORD_DEFAULT;
    // COST sets how complex the algorithm should be, and therefore how long
    // it takes to generate a hash. (Think of this value as the number of
    // times the algorithm itself is rerun to slow the calculation down.)
    const COST = 14;

    // Internal data storage about the user:
    public $data;

    // Mock constructor:
    public function __construct()
    {
        // Read data from the database, storing it into $data, such as:
        // $data->passwordHash and $data->username
        $this->data = new stdClass();
        // Mock value standing in for a hash loaded from the database.
        $this->data->passwordHash = 'dbd014125a4bad51db85f27279f1040a';
    }

    // Mock save functionality
    public function save()
    {
        // Store the data from $data back to the database
    }

    // Allow for changing to a new password:
    public function setPassword($password)
    {
        $this->data->passwordHash = password_hash($password, self::HASH, ['cost' => self::COST]);
    }

    // Logic for logging a user in:
    public function login($password)
    {
        // First see if they gave the right password:
        echo "Login: ", $this->data->passwordHash, "\n";
        if (password_verify($password, $this->data->passwordHash)) {
            // Success - now see if their password needs to be rehashed
            if (password_needs_rehash($this->data->passwordHash, self::HASH, ['cost' => self::COST])) {
                // We need to rehash the password and save it. Just call setPassword.
                $this->setPassword($password);
                $this->save();
            }
            return true; // Or do what you need to mark the user as logged in.
        }
        return false;
    }
}
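For readers coming from MD5, as mentioned at the top of the article, the following added example (not part of the original article) goes one step beyond the class above and upgrades a legacy MD5 hash to password_hash() at the moment of a successful login. It assumes the legacy rows hold an unsalted md5() hex digest; the names ALGO, OPTIONS, isLegacyMd5(), login() and $store are hypothetical, and $store is a constructed stand-in for the users table.

```php
<?php
// Added example: upgrade a legacy MD5 password hash to password_hash() at login.
// Assumption: legacy rows hold an unsalted md5() hex digest; $store is a
// constructed in-memory stand-in for the users table.
const ALGO = PASSWORD_DEFAULT;
const OPTIONS = ['cost' => 14]; // same cost as the User class above

function isLegacyMd5(string $stored): bool
{
    // password_get_info() reports 'unknown' for anything password_hash() did not produce.
    return password_get_info($stored)['algoName'] === 'unknown'
        && preg_match('/\A[0-9a-f]{32}\z/', $stored) === 1;
}

function login(array &$store, string $user, string $password): bool
{
    if (!isset($store[$user])) {
        return false;
    }
    $stored = $store[$user];

    if (isLegacyMd5($stored)) {
        // Constant-time comparison against the legacy digest.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }
    // The plaintext is only available right now, so this is the moment to upgrade.
    if (isLegacyMd5($stored) || password_needs_rehash($stored, ALGO, OPTIONS)) {
        $store[$user] = password_hash($password, ALGO, OPTIONS);
    }
    return true;
}

// Constructed sample data: one legacy MD5 row.
$store = ['alice' => md5('secret-password')];

var_dump(login($store, 'alice', 'bad-password'));    // rejected, row left as it was
var_dump(login($store, 'alice', 'secret-password')); // accepted via MD5, row is rehashed
var_dump(isLegacyMd5($store['alice']));              // row is no longer a legacy digest
var_dump(login($store, 'alice', 'secret-password')); // accepted via password_verify()
```

Accounts that never log in again keep their MD5 digest, so a migration like this still needs a plan for dormant rows, such as forcing a password reset.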

That is the whole content of this article; I hope it helps with your study.

