password_get_info
The length of the hash returned by password_hash() for for PASSWORD_BCRYPT is 60 chars.
password_hash
(PHP 5 >= 5.5.0)
password_hash — Creates a password hash
Description
string password_hash
( string
$password
, integer $algo
[, array $options
] )password_hash() creates a new password hash.
Parameters
-
password -
The user's password.
-
algo -
A password algorithm constant denoting the algorithm to use when hashing the password.
-
options -
An associative array containing options. Currently, two options are supported: salt, to provide a salt to use when hashing the password, and cost, which denotes the algorithmic cost that should be used. Examples of these values can be found on the crypt() page.
If omitted, a random salt will be created and the default cost will be used.
Return Values
Returns the hashed password, or FALSE on failure.
Examples
Example #1 password_hash() example
<?php
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";
$options = [
'cost' => 7,
'salt' => 'BCryptRequires22Chrcts',
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";
?>
The above example will output:
$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq
add a note
User Contributed Notes
password_hash - [3 notes]
lekensteyn at gmail dot com ¶
4 months ago
martinstoeckli ¶
4 months ago
There is a compatibility pack available for PHP versions 5.3.7 and later, so you don't have to wait on version 5.5 for using this function. It comes in form of a single php file:
https://github.com/ircmaxell/password_compat
martinstoeckli ¶
1 month ago
In most cases it is best to omit the salt parameter. Without this parameter, the function will generate a cryptographically safe salt, from the random source of the operating system.