Function | Description |
---|---|
password_hash($password, $algorithm) | Creates a new hash of the password using a strong salt and a strong one-way hashing algorithm. |
password_verify($password, $hash) | Returns TRUE if the specified password matches the specified hash. |

Constant | Description |
---|---|
PASSWORD_BCRYPT | Uses the bcrypt algorithm to create a hash that’s 60 characters long. |
PASSWORD_DEFAULT | Uses the default algorithm of the password_hash() function. With PHP 5.5 and 7.1, the default algorithm is bcrypt. However, this default may change as newer and stronger algorithms become available. This may cause the number of characters in the hash to increase beyond the current 60 characters. |

```php
$password = 's3sam3';
$hash = password_hash($password, PASSWORD_DEFAULT); // up to 255 chars
```

```php
$valid_password = password_verify('s3sam3', '$2y$10$xIqN2cVy8HVuKNKUwxFQR.xRP9oRj.FF8r52spVc.XCaEFy7iLHmu');
if ($valid_password) {
    echo("<p>Password is valid.</p>");
}
```

You can use the password_hash() and password_verify() functions to hash passwords and to verify whether the hashes are valid.

When you use the PASSWORD_DEFAULT constant with the password_hash() function, it’s considered a best practice to store the hash in a database column that can accept 255 characters.
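
Because the default algorithm behind PASSWORD_DEFAULT can change, a login routine can also upgrade older hashes at the moment the password is verified. The following is an added example, not code from the original page: the `login()` helper, the `$users` array (a stand-in for a database table with a 255-character hash column) and the sample record are assumptions, while `password_needs_rehash()` and `password_get_info()` are PHP built-ins.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for a users
// table whose hash column is VARCHAR(255), as recommended above.
$users = [
    // Constructed "legacy" record: bcrypt at the minimum cost of 4, standing
    // in for a hash created before the default settings were strengthened.
    'alice' => password_hash('s3sam3', PASSWORD_BCRYPT, ['cost' => 4]),
];

// login() is a hypothetical helper name, not a PHP built-in.
function login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $hash = $users[$username];

    if (!password_verify($password, $hash)) {
        return false;
    }

    // The plaintext is only available at login, so this is the moment to
    // upgrade a hash made with an older algorithm or cost.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new_hash = password_hash($password, PASSWORD_DEFAULT);
        // Refuse to store a hash the 255-character column would truncate.
        if (strlen($new_hash) <= 255) {
            $users[$username] = $new_hash;
        }
    }
    return true;
}

$old_hash = $users['alice'];
var_dump(login($users, 'alice', 'wrong-guess'));  // wrong password
var_dump(login($users, 'alice', 's3sam3'));       // correct password
var_dump($users['alice'] !== $old_hash);          // was the record replaced?
var_dump(password_needs_rehash($users['alice'], PASSWORD_DEFAULT));
printf("%s, %d characters\n",
    password_get_info($users['alice'])['algoName'], strlen($users['alice']));
```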