compare password_hash and Security::generatePasswordHash($password) code example

Example 1: php hash password

/* Include the database connection script. */
include 'pdo.php';

/* Username. */
$username = 'John';

/* Password. */
$password = 'my secret password';

/* Secure password hash. */
$hash = password_hash($password, PASSWORD_DEFAULT);

/* Insert query template. */
$query = 'INSERT INTO accounts (account_name, account_passwd) VALUES (:name, :passwd)';

/* Values array for PDO. */
$values = [':name' => $username, ':passwd' => $hash];

/* Execute the query. */
try
{
  $res = $pdo->prepare($query);
  $res->execute($values);
}
catch (PDOException $e)
{
  /* Query error. */
  echo 'Query error.';
  die();
}

Example 2: php hash password

/* Include the database connection script. */
include 'pdo.php';

/* Login status: false = not authenticated, true = authenticated. */
$login = FALSE;

/* Username from the login form. */
$username = $_POST['username'];

/* Password from the login form. */
$password = $_POST['password'];

/* Remember to validate $username and $password. */

/* Look for the username in the database. */
$query = 'SELECT * FROM accounts WHERE (account_name = :name)';

/* Values array for PDO. */
$values = [':name' => $username];

/* Execute the query */
try
{
  $res = $pdo->prepare($query);
  $res->execute($values);
}
catch (PDOException $e)
{
  /* Query error. */
  echo 'Query error.';
  die();
}

$row = $res->fetch(PDO::FETCH_ASSOC);

/* If there is a result, check if the password matches using password_verify(). */
if (is_array($row))
{
  if (password_verify($password, $row['account_passwd']))
  {
    /* The password is correct. */
    $login = TRUE;
  }
}

Tags:

Php Example