🔴 Advanced · Lesson 33
Password Hashing
Never Store Plain Passwords
Storing passwords as plain text is dangerous. PHP's password_hash() creates a secure, one-way hash that cannot be reversed.
Hashing a Password
$password = "mypass123";
$hash = password_hash($password, PASSWORD_DEFAULT);
// store $hash in the database (not the plain password)
Verifying at Login
// $hash comes from the database
if (password_verify($_POST["password"], $hash)) {
    echo "Login successful";
} else {
    echo "Wrong password";
}
Why This is Safe
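Hashes are one-way: even if your database leaks, attackers cannot easily get the original passwords. password_hash() also adds a random salt to every hash and is deliberately slow to compute, which makes guessing leaked hashes expensive. Never use md5 or sha1 for passwords: they are fast and unsalted, so leaked hashes can be guessed quickly.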
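The two steps above combined into a register/login flow, as an added example that is not part of the original lesson. It also re-hashes on login with password_needs_rehash() when a stored hash is weaker than the current default. The $users array stands in for a database table, and register(), login() and the sample accounts are hypothetical names constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a users table: username => stored hash.
$users = [];

// Hypothetical helper: store only the hash, never the plain password.
function register(array &$users, string $username, string $password): void
{
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Hypothetical helper: verify the password, then upgrade the stored hash if it
// was created with an older algorithm or a lower cost than the current default.
function login(array &$users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false; // unknown user and wrong password give the same answer
    }
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, "alice", "mypass123");

// Constructed legacy account: bcrypt at the minimum cost, weaker than the default.
$users["carol"] = password_hash("old-pass", PASSWORD_BCRYPT, ["cost" => 4]);

// The salt is random, so the same password hashes to two different strings,
// and password_verify() still accepts both.
$a = password_hash("mypass123", PASSWORD_DEFAULT);
$b = password_hash("mypass123", PASSWORD_DEFAULT);
var_dump($a === $b, password_verify("mypass123", $a), password_verify("mypass123", $b));

var_dump(login($users, "alice", "mypass123")); // correct password
var_dump(login($users, "alice", "wrong"));     // wrong password
var_dump(login($users, "bob", "mypass123"));   // unknown user

// The algorithm and cost are stored inside the hash string, so a successful
// login can upgrade carol's weak hash without her choosing a new password.
$before = password_get_info($users["carol"])["options"]["cost"];
login($users, "carol", "old-pass");
$after = password_get_info($users["carol"])["options"]["cost"];
echo "carol cost before: $before, after: $after\n";
```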
Summary
- Use password_hash() to store; password_verify() to check at login.
- Never store plain passwords or use md5/sha1 for them.