开发者

what are the php commands to create and retrieve password with SHA-256 encryption?

开发者 https://www.devze.com 2023-02-26 11:47 出处:网络
Newbie here. I\'m trying to encrypt the user password using SHA-256 after they\'ve made their account and then when the user tries to log in, it will try to match their input with any of the encrypted

Newbie here. I'm trying to encrypt the user password using SHA-256 after they've made their account and then when the user tries to log in, it will try to match their input with any of the encrypted passwords in the mysql database. I was wonderin开发者_JS百科g if someone could give me an example code?


Hashing works one-way, so you cannot really 'retrieve' what you have hashed.

When you save the password on registration, use something like this:

$hash=hash('sha256', $password);

And only save $hash in the database. When the user tries to log in, hash the password he tries to use and compare it to the one in the database (hashing will always give the same result for the same input). If they are the same, he can be logged in (if all additional checks are satisfied).

If you want to let the user recover his forgotten pass, refer to this earlier question.

Also, the best practice in hashing passwords is to use some kind of salt, which is out of the scope of this question, but please google it.


If using PHP >= 5.5, you should be using password_hash() for storing passwords, and password_verify() to check. If using PHP >= 5.3, you should be using this compatibility module. If using an earlier version of PHP, you should upgrade.

Do not roll your own password hashing. There is no stressing this enough. Take a look at John the Ripper to see how fast passwords that have only been hashed with cryptographic hashes (that are designed to be fast!) can be cracked.

0

精彩评论

暂无评论...
验证码 换一张
取 消