FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


How to hash a password in php ?





Pizza65
Hey Wink

Does anyone know how to hash a password in a SQL table with php ? I tried several times but nothing worked... Sad
Peterssidan
If you use the hashing function sha1 it will return a string that represents a 40 digit hexadecimal number.
Code:
$hash = sha1($password);


In the MySQL database you can store it as a CHAR(40) which is a string of fixed length 40.
Code:
mysql_query("UPDATE users SET password='$hash' WHERE id=$user_id");

When the user logs in you compute the hash of the password the same way as before and compare it to the password stored in the database.
Code:
$r = mysql_query("SELECT id, name, password FROM users WHERE name='$username'");
if ($r && ($user = mysql_fetch_array($r)))
{
   if ($user['password'] == sha1($password))
   {
      // Login success!
   }
   else
   {
      // Wrong password!
   }
}


It is also possible to store the hash as BINARY(20) which is a bit more complicated but is more space efficient.
Code:
mysql_query("UPDATE users SET password=UNHEX('$password') WHERE id=$user_id");

And when the user logs in:
Code:
$r = mysql_query("SELECT id, name, HEX(password) AS pass FROM users WHERE name='$username'");
if ($r && ($user = mysql_fetch_array($r)))
{
   if ($user['pass'] == sha1($password))
   {
      // Login success!
   }
   else
   {
      // Wrong password!
   }
}

Note how we use the MySQL functions UNHEX and HEX to convert between a hexadecimal string and binary data.

It is also recommended that each password hash is salted using a unique salt because that makes it much harder to crack in case someone gets their hands on your hashes.
eltole
Quote:
If you use the hashing function sha1 it will return a string that represents a 40 digit hexadecimal number.
Code:
$hash = sha1($password);


In the MySQL database you can store it as a CHAR(40) which is a string of fixed length 40.
Code:
mysql_query("UPDATE users SET password='$hash' WHERE id=$user_id");

When the user logs in you compute the hash of the password the same way as before and compare it to the password stored in the database.
Code:
$r = mysql_query("SELECT id, name, password FROM users WHERE name='$username'");
if ($r && ($user = mysql_fetch_array($r)))
{
if ($user['password'] == sha1($password))
{
// Login success!
}
else
{
// Wrong password!
}
}


It is also possible to store the hash as BINARY(20) which is a bit more complicated but is more space efficient.
Code:
mysql_query("UPDATE users SET password=UNHEX('$password') WHERE id=$user_id");

And when the user logs in:
Code:
$r = mysql_query("SELECT id, name, HEX(password) AS pass FROM users WHERE name='$username'");
if ($r && ($user = mysql_fetch_array($r)))
{
if ($user['pass'] == sha1($password))
{
// Login success!
}
else
{
// Wrong password!
}
}

Note how we use the MySQL functions UNHEX and HEX to convert between a hexadecimal string and binary data.

It is also recommended that each password hash is salted using a unique salt because that makes it much harder to crack in case someone gets their hands on your hashes.


That was indeed a good work man. Anyway u can try several methods:


http://php.net/manual/es/function.md5.php
http://php.net/manual/es/function.hash.php
http://php.net/manual/es/function.crypt.php

Etc...
Related topics
problem when using ob_start("ob_gzhandler") on php
Making a password protect page in dreamweaver
password php
Email - which do you think is most secure?
phpBB
Using Javascript to Encrypt Data then POST to PHP
how can i make a php script for enter username and password?
php+mysql password / login screen
PHP Username And Password Login Script, Using those to creat
md5() Password Protection
Are u up for the hack? - MD5 with salt
Mysql And PHP HELP PLZ
htaccess Password Protection
survey Insert in Php
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.