BestHub
Sign in
Backend Development 5 min read

PHP Password Encryption Methods: md5, password_hash, and crypt

This article explains three common PHP password encryption techniques—md5, password_hash, and crypt—providing detailed code examples and guidance on securely storing user passwords during registration and login processes.

php Courses
php Courses
php Courses
PHP Password Encryption Methods: md5, password_hash, and crypt

In web development, user registration and login require secure password storage; this article explains three common PHP password encryption methods with complete code examples.

1. Using md5 function

The simplest way to encrypt a password is using the md5 function, which converts any string into a 32‑character hash. The example below shows how to hash a password during user registration and store the hashed value in the database, then verify it during login by hashing the input password with md5 and comparing the results.

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 对密码进行加密
$encrypted_password = md5($password);

// 将加密后的密码存储到数据库中
// ...
?>

2. Using password_hash function

PHP 5.5+ introduced password_hash, which uses the BCrypt algorithm, automatically generates a salt, and stores it with the hash, offering a more secure solution. The following code demonstrates password hashing during registration and password verification during login using password_verify.

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 对密码进行加密
$encrypted_password = password_hash($password, PASSWORD_DEFAULT);

// 将加密后的密码存储到数据库中
// ...
?>

<?php
// 用户登录
$username = $_POST['username'];
$password = $_POST['password'];

// 从数据库中取出加密的密码
$encrypted_password = "从数据库中取出的加密密码";

// 对用户输入的密码进行验证
if (password_verify($password, $encrypted_password)) {
    // 登录成功
    // ...
} else {
    // 密码错误
    // ...
}
?>

3. Using crypt function

The crypt function leverages the UNIX crypt library. By generating a salt with mcrypt_create_iv and combining it with the password, you can create a secure hash. The example below shows registration and login handling using crypt for both hashing and verification.

<?php
// 用户注册
$username = $_POST['username'];
$password = $_POST['password'];

// 使用salt生成加密的密码
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$encrypted_password = crypt($password, '$2y$10$' . $salt);

// 将加密后的密码存储到数据库中
// ...
?>

<?php
// 用户登录
$username = $_POST['username'];
$password = $_POST['password'];

// 从数据库中取出加密的密码
$encrypted_password = "从数据库中取出的加密密码";

// 对用户输入的密码进行验证
if (crypt($password, $encrypted_password) === $encrypted_password) {
    // 登录成功
    // ...
} else {
    // 密码错误
    // ...
}
?>

Conclusion

Encrypting passwords for user registration and login is essential for security. The article covered three common PHP functions— md5, password_hash, and crypt —with code samples, recommending the use of stronger algorithms and proper salts to enhance password protection.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

BackendMD5cryptpassword_hashpassword-hashing
php Courses
Written by

php Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment