
Detailed explanation of password security in PHP Password Hashing

墨辰丷
2018-05-26 11:10:57

This article explains Password Hashing in PHP in detail. Interested readers can use it as a reference; I hope it will be helpful to everyone.

If you are still using md5 to protect passwords, take a look at the password hashing and verification methods below.

Let’s look at a simple Password Hashing example:

<?php

//require 'password.php';
/**
 * The correct password is secret-password.
 * $passwordHash is the hashed password as it would be stored.
 * password_verify() compares the password the user entered with the hashed password stored in the database.
 * It returns true on success and false otherwise.
 */
$passwordHash = password_hash('secret-password', PASSWORD_DEFAULT);
echo $passwordHash;
if (password_verify('bad-password', $passwordHash)) {
  // Correct password
  echo 'Correct Password';
} else {
  // Wrong password
  echo 'Wrong password';
}

The code below provides a complete mock User class that uses Password Hashing to handle the user's password securely and to support security requirements that change in the future.

<?php
class User
{
  // Store password options so that rehash & hash can share them:
  const HASH = PASSWORD_DEFAULT;
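  // Determines how complex the algorithm should be, and therefore how long generating
  // the hash will take. (Think of this value as changing the number of times the
  // algorithm itself is re-run, to slow down computation.)
  // With bcrypt, each increment of the cost doubles the work.
  const COST = 14;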

  // Internal data storage about the user:
  public $data;

  // Mock constructor:
  public function __construct() {
    // Read data from the database, storing it into $data such as:
    // $data->passwordHash and $data->username
    $this->data = new stdClass();
    // Mock value: 32 hex characters, not a password_hash() string, so password_verify() will not match it.
    $this->data->passwordHash = 'dbd014125a4bad51db85f27279f1040a';
  }

  // Mock save functionality
  public function save() {
    // Store the data from $data back into the database
  }

  // Allow for setting a new password:
  public function setPassword($password) {
    $this->data->passwordHash = password_hash($password, self::HASH, ['cost' => self::COST]);
  }

  // Logic for logging a user in:
  public function login($password) {
    // Debug output for this demo only; do not print stored hashes in a real application.
    echo "Login: ", $this->data->passwordHash, "\n";
    // First see if they gave the right password:
    if (password_verify($password, $this->data->passwordHash)) {
      // Success - now see if their password needs to be rehashed
      if (password_needs_rehash($this->data->passwordHash, self::HASH, ['cost' => self::COST])) {
        // We need to rehash the password, and save it. Just call setPassword
        $this->setPassword($password);
        $this->save();
      }
      return true; // Or do what you need to mark the user as logged in.
    }
    return false;
  }
}
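
The rehash-on-login flow of the User class, extended as an added example (not code from the original article) to accounts whose stored value is still an md5 digest, which password_verify() never matches. It assumes the legacy scheme was unsalted md5() hex; isLegacyMd5(), verifyAndUpgrade(), the cost of 12 and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added example. Assumes legacy rows hold unsalted md5() hex digests; names are hypothetical.
const HASH_ALGO = PASSWORD_DEFAULT;
const HASH_OPTIONS = ['cost' => 12]; // constructed value; tune for your hardware

// True if $stored is a 32-char hex digest that password_hash() did not produce.
function isLegacyMd5(string $stored): bool
{
    return empty(password_get_info($stored)['algo'])
        && preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

// Returns [bool $ok, ?string $newHash]; a non-null $newHash must be saved by the caller.
function verifyAndUpgrade(string $password, string $stored): array
{
    $legacy = isLegacyMd5($stored);
    $ok = $legacy
        ? hash_equals(strtolower($stored), md5($password)) // constant-time digest comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return [false, null];
    }
    // Upgrade only after a successful login, when the plaintext is available.
    if ($legacy || password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        return [true, password_hash($password, HASH_ALGO, HASH_OPTIONS)];
    }
    return [true, null];
}

// Constructed sample rows: a legacy MD5 digest and a bcrypt hash at a lower cost.
$rows = [
    'alice' => md5('secret-password'),
    'bob'   => password_hash('secret-password', PASSWORD_BCRYPT, ['cost' => 10]),
];
foreach ($rows as $user => $stored) {
    [$ok, $newHash] = verifyAndUpgrade('secret-password', $stored);
    if ($ok && $newHash !== null) {
        $rows[$user] = $newHash; // in a real application: write back to the user's row
    }
    printf("%s: ok=%s upgraded=%s\n", $user, var_export($ok, true), var_export($newHash !== null, true));
}
// A wrong password fails against the upgraded hash and triggers no rewrite.
[$ok, $newHash] = verifyAndUpgrade('bad-password', $rows['alice']);
printf("bad-password: ok=%s upgraded=%s\n", var_export($ok, true), var_export($newHash !== null, true));
```

Accounts that never log in again keep their md5 digest under this scheme, so the legacy branch stays in place until those rows are reset or expired.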

The above is the entire content of this article, I hope it will be helpful to everyone's study.

