Store Passwords Securely with PHP

The Secure Passwords app generates unique passwords for every using the most secure bcrypt algorithm. The open-source PHPass library also uses Blowfish-based bcrypt to create password hashes, which you can store in the database in place of the passwords themselves.

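When the user enters a password during login, you can compute its hash and compare it with the hash in your database. Because each bcrypt hash carries its own salt, the hash has to be recomputed with the salt embedded in the stored value; CheckPassword does this for you. This is more secure than other algorithms like md5, sha1, sha512, etc., since hashes made with those fast algorithms can be reversed through brute force.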

<?php
// Include the phpass library
require 'PasswordHash.php';
// Try to use stronger but system-specific hashes, with a possible fallback to
// the weaker portable hashes.
// First argument: base-2 logarithm of the iteration count (the bcrypt cost).
// Second argument: false means portable hashes are not forced.
$hasher = new PasswordHash(8, false);
// Hash the password and store the result in the database
$hashedPassword = $hasher->HashPassword('correct password');
// Check if a user has provided the correct password by comparing what they typed with our hash
$hasher->CheckPassword('wrong password', $hashedPassword); // false
$hasher->CheckPassword('correct password', $hashedPassword); // true
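
The login check described above, extended to move hashes stored at an old, low cost to a stronger one when the user next logs in. This is an added example, not code from the original page or from phpass: it uses PHP's built-in password_hash() and password_verify() instead of the phpass class, and the $users array, the function names and the TARGET_COST value are assumptions.

```php
<?php
// Added example: PHP's built-in bcrypt API, not phpass.
// $users stands in for a database table; all names and values are constructed.

const TARGET_COST = 12; // assumed work factor; tune it for your hardware

function registerUser(array &$users, string $name, string $password, int $cost = TARGET_COST): void
{
    // bcrypt only uses the first 72 bytes of its input, so refuse longer passwords
    // instead of silently hashing a truncated one.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('password longer than 72 bytes');
    }
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

function login(array &$users, string $name, string $password): bool
{
    // For an unknown user, verify against a throwaway hash so the response
    // takes about as long as it does for a real account.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT, ['cost' => TARGET_COST]);
    $stored = $users[$name] ?? $dummy;

    // password_verify() reads the cost and salt out of $stored, re-hashes the
    // candidate with them and compares the result in constant time.
    $ok = password_verify($password, $stored) && isset($users[$name]);

    // The plaintext is only available at login, so this is the moment to
    // replace a hash that was stored with a lower cost than the current target.
    if ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => TARGET_COST])) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_COST]);
    }
    return $ok;
}

$users = [];
registerUser($users, 'alice', 'correct password', 8); // same cost as the snippet above

// Hash the same password a second time and compare the two stored strings.
$second = password_hash('correct password', PASSWORD_BCRYPT, ['cost' => 8]);
var_dump($second === $users['alice']);

var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'alice', 'correct password'));
// Inspect the cost recorded in the stored hash after the successful login.
var_dump(password_get_info($users['alice'])['options']['cost']);
var_dump(login($users, 'mallory', 'anything'));
```

The first comparison shows why a stored bcrypt hash cannot be matched by hashing the password again and comparing strings: every call to password_hash() picks a fresh random salt.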