BestHub
Sign in
Backend Development 5 min read

PHP Password Encryption Methods: md5, password_hash, and crypt

This article explains three common PHP password encryption techniques—md5, password_hash, and crypt—providing detailed code examples and guidance on securely storing user passwords during registration and login processes.

php中文网 Courses
php中文网 Courses
php中文网 Courses
PHP Password Encryption Methods: md5, password_hash, and crypt

In web development, user registration and login require secure password storage; this article explains three common PHP password encryption methods with complete code examples.

1. Using md5 function

The simplest way to encrypt a password is using the md5 function, which converts any string into a 32‑character hash. The example below shows how to hash a password during user registration and store the hashed value in the database, then verify it during login by hashing the input password with md5 and comparing the results.

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 对密码进行加密
$encrypted_password = md5($password);

// 将加密后的密码存储到数据库中
// ...
?>

2. Using password_hash function

PHP 5.5+ introduced password_hash , which uses the BCrypt algorithm, automatically generates a salt, and stores it with the hash, offering a more secure solution. The following code demonstrates password hashing during registration and password verification during login using password_verify .

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 对密码进行加密
$encrypted_password = password_hash($password, PASSWORD_DEFAULT);

// 将加密后的密码存储到数据库中
// ...
?>

<?php
// 用户登录
$username = $_POST['username'];
$password = $_POST['password'];

// 从数据库中取出加密的密码
$encrypted_password = "从数据库中取出的加密密码";

// 对用户输入的密码进行验证
if (password_verify($password, $encrypted_password)) {
    // 登录成功
    // ...
} else {
    // 密码错误
    // ...
}
?>

3. Using crypt function

The crypt function leverages the UNIX crypt library. By generating a salt with mcrypt_create_iv and combining it with the password, you can create a secure hash. The example below shows registration and login handling using crypt for both hashing and verification.

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 使用salt生成加密的密码
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$encrypted_password = crypt($password, '$2y$10$' . $salt);

// 将加密后的密码存储到数据库中
// ...
?>

<?php
// 用户登录
$username = $_POST['username'];
$password = $_POST['password'];

// 从数据库中取出加密的密码
$encrypted_password = "从数据库中取出的加密密码";

// 对用户输入的密码进行验证
if (crypt($password, $encrypted_password) === $encrypted_password) {
    // 登录成功
    // ...
} else {
    // 密码错误
    // ...
}
?>

Conclusion

Encrypting passwords for user registration and login is essential for security. The article covered three common PHP functions— md5 , password_hash , and crypt —with code samples, recommending the use of stronger algorithms and proper salts to enhance password protection.

BackendsecurityPHPMD5cryptpassword hashingpassword_hash
php中文网 Courses
Written by

php中文网 Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment