Last updated: Fri, 26 Apr 2013

password_hash

(PHP 5 >= 5.5.0)

password_hash - Creates a password hash

Description

string password_hash ( string $password , integer $algo [, array $options ] )

password_hash() creates a new password hash.

Parameters

password

The user's password.

algo

A password algorithm constant denoting the algorithm to use when hashing the password.

options

An associative array containing options. Currently, two options are supported: salt, to provide a salt to use when hashing the password, and cost, which denotes the algorithmic cost that should be used. Examples of these values can be found on the crypt() page.

If omitted, a random salt will be created and the default cost will be used.

Return Values

Returns the hashed password, or FALSE on failure.

Examples

Example #1 password_hash() example

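<?php
// Default algorithm with a random salt and the default cost
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";

// Explicit bcrypt with a custom cost and a manually supplied salt
$options = [
    'cost' => 7,
    'salt' => 'BCryptRequires22Chrcts',
];
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options)."\n";
?>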

The above example will output:

$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a
$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq
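
The following is an added example, not part of the PHP manual page: it puts password_hash() into a login flow with its companion functions password_verify(), password_needs_rehash() and password_get_info(), and upgrades a low-cost hash on the next successful login. The $store array, the function names and the TARGET_COST value are assumptions made for illustration.

```php
<?php
// Added example; $store stands in for a user table (hypothetical).
const TARGET_COST = 12; // assumed policy value, tune it to your hardware

function register_user(array &$store, $user, $password)
{
    // No 'salt' option: password_hash() generates a random salt itself.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_COST]);
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    $store[$user] = $hash;
}

function login(array &$store, $user, $password)
{
    if (!isset($store[$user]) || !password_verify($password, $store[$user])) {
        return false;
    }
    // The plaintext is only available here, so this is the one place
    // where a hash stored with an older cost can be upgraded.
    if (password_needs_rehash($store[$user], PASSWORD_BCRYPT, ['cost' => TARGET_COST])) {
        register_user($store, $user, $password);
    }
    return true;
}

// Constructed sample data: a legacy hash that was created at cost 7.
$store = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 7])];
$before = password_get_info($store['alice']);

var_dump(login($store, 'alice', 'wrong guess'));
var_dump(login($store, 'alice', 'correct horse'));

$after = password_get_info($store['alice']);
printf(
    "cost %d -> %d, hash length %d\n",
    $before['options']['cost'],
    $after['options']['cost'],
    strlen($store['alice'])
);
?>
```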

See Also



User Contributed Notes password_hash - [3 notes]
up
10
lekensteyn at gmail dot com
4 months ago
The length of the hash returned by password_hash() for PASSWORD_BCRYPT is 60 chars.
up
16
martinstoeckli
4 months ago
There is a compatibility pack available for PHP versions 5.3.7 and later, so you don't have to wait on version 5.5 for using this function. It comes in form of a single php file:
https://github.com/ircmaxell/password_compat
up
0
martinstoeckli
1 month ago
In most cases it is best to omit the salt parameter. Without this parameter, the function will generate a cryptographically safe salt, from the random source of the operating system.
