Updated: 2023-12-03 20:31:11
Make your life easier and store your passwords more safely with the function password_hash().
The SHA-* algorithms are not appropriate for hashing passwords, because they are way too fast. The function password_hash() will not only calculate a better-suited BCrypt hash, it will also take care of the generation of a safe salt, and you won't have to store/retrieve the salt in a separate database field (it will become part of the resulting hash value).
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_BCRYPT);
// Check if the hash of the entered login password matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
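The following is an added example, not part of the original post. It shows that the salt and cost factor travel inside the hash string, and how a login check can upgrade a stored hash when the cost factor is raised later. The helper name checkLogin(), the sample password and the cost values 10 and 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample value; in a real application this comes from the login form.
$password = 'correct horse battery staple';

// Hashing the same password twice gives two different strings, because
// password_hash() generates a fresh random salt on every call.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($hashA === $hashB);

// Both still verify: password_verify() reads the salt and the cost
// out of the stored hash itself, so no separate salt column is needed.
var_dump(password_verify($password, $hashA));
var_dump(password_verify($password, $hashB));

// The algorithm and cost can be inspected from the hash string alone.
$info = password_get_info($hashA);
echo $info['algoName'], ' cost=', $info['options']['cost'], PHP_EOL;

/**
 * Hypothetical login helper (an assumption, not from the original post).
 * Verifies the entered password and, if the stored hash was created with
 * weaker parameters than $options, returns a replacement hash to persist.
 */
function checkLogin(string $entered, string $storedHash, array $options): array
{
    if (!password_verify($entered, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $newHash = null;
    // True when the stored hash uses a different algorithm or cost.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        // The plaintext is only available at login, so rehash here.
        $newHash = password_hash($entered, PASSWORD_BCRYPT, $options);
    }
    return ['ok' => true, 'newHash' => $newHash];
}

// The stored hash uses cost 10; the application now wants cost 12.
$result = checkLogin($password, $hashA, ['cost' => 12]);
var_dump($result['ok'], $result['newHash'] !== null);

// A wrong password fails and never triggers a rehash.
$failed = checkLogin('wrong guess', $hashA, ['cost' => 12]);
var_dump($failed['ok'], $failed['newHash']);
```

When newHash is not null, write it back to the user's row in place of the old hash. A BCrypt hash is 60 characters long, and the PHP manual recommends a 255-character column so that hashes from later algorithms still fit.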