Since PHP 7.x, it is recommended to use the native password_hash() function.

MD5 should be avoided, since there are plenty of MD5 dictionaries that help to "crack" MD5 password hashes, for instance https://crackstation.net/.

Note: since password_hash() is native, there is no dependency on an external library.

  • Type (or paste) the character string in the textarea below and click on the Hash button; you'll get the hash of the password.
  • Use the password as shown in the code sample that will be given.

The hash of {{ PWD }} gives {{ HASH }} 


Sample PHP code:


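// 1. For instance, retrieve the stored hash from a protected file, outside the public folder
//    (trim() removes a trailing newline, which can make password_verify() fail)
$hash = trim((string) file_get_contents('../public/site/password.json'));

// $hash now contains the result of password_hash("your_password", PASSWORD_DEFAULT)
// For instance $hash is equal to '{{ HASH }}'

// 2. Get the filled-in password, for instance, from a submitted form.
//    Read it unmodified: FILTER_SANITIZE_STRING rewrites characters such as < and "
//    (and is deprecated since PHP 8.1), so the value checked would not be the value typed.
$password = filter_input(INPUT_POST, 'password', FILTER_UNSAFE_RAW);

// 3. And verify that the filled-in password is the expected one
//    (filter_input() returns null when the field was not submitted)
if (is_string($password) && password_verify($password, $hash)) {
    echo 'You can enter to this room, the password is correct.';
}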

Store the hash of this password, for instance, in a database or any protected file (best outside your public folder). Don't use your password in plain text anymore; just verify it against the hash using password_verify().

Info: the hash will start with '$2y$' when the algorithm used is BCRYPT and with '$argon2i$' when Argon2i was used (which is much better).
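
Because the algorithm is recorded in the hash prefix, a stored '$2y$' hash can be upgraded to Argon2i at the next successful login. The following is an added example, not code from the original page; verifyAndUpgrade() is a hypothetical helper name and the sample hash is constructed on the fly.

```php
<?php
declare(strict_types=1);

/**
 * Verify a password and, if the stored hash uses an older algorithm or cost,
 * return a fresh hash to store in its place (null when no upgrade is needed).
 * verifyAndUpgrade() is a hypothetical helper name, not a PHP built-in.
 */
function verifyAndUpgrade(string $password, string $storedHash): array
{
    // Prefer Argon2i when this PHP build offers it, else the default (bcrypt).
    $algo = defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_DEFAULT;

    // A hash read from a file often carries a trailing newline.
    $storedHash = trim($storedHash);

    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }

    // The plain-text password is only available right after a successful
    // verification, so this is the one moment the hash can be upgraded.
    $newHash = password_needs_rehash($storedHash, $algo)
        ? password_hash($password, $algo)
        : null;

    return ['ok' => true, 'newHash' => $newHash];
}

// Constructed sample: a bcrypt hash generated here, as if read from a file.
$stored = password_hash('your_password', PASSWORD_BCRYPT) . "\n";
echo 'stored algorithm: ', password_get_info(trim($stored))['algoName'], PHP_EOL;

$wrong = verifyAndUpgrade('not_the_password', $stored);
echo 'wrong password accepted: ', var_export($wrong['ok'], true), PHP_EOL;

$right = verifyAndUpgrade('your_password', $stored);
echo 'right password accepted: ', var_export($right['ok'], true), PHP_EOL;

if ($right['newHash'] !== null) {
    // In a real application, persist $right['newHash'] in place of the old hash.
    echo 'upgraded to: ', password_get_info($right['newHash'])['algoName'], PHP_EOL;
    echo 'prefix: ', substr($right['newHash'], 0, 9), PHP_EOL;
}
```

On a PHP build without Argon2 support the helper falls back to PASSWORD_DEFAULT, and no new hash is returned when the stored bcrypt hash already matches the default cost.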