I'm just wondering what is the best way to encrypt your password with PHP in 2019. I'm using this method, but many people tell me that is an unsafe way now:
$password_protect = md5($_POST["password"]);
I did some research but I find only for 2017. So, what is the best way for that?
Thank you
Use password_hash().
Also check on password_verify().
And also check
Example:
$password = "ABCDabcd";
echo password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
The example should output something like this:
$2y$12$N6FSH8yRo0YMQ4oPJHN1vOkv7GfK3OhVp22H/AjGoVLY.5Dm7ECYS
To verify: Say user input their password and you stored it in input variable;
$input = 'ABCDabcd';
$hashed_password = '$2y$12$N6FSH8yRo0YMQ4oPJHN1vOkv7GfK3OhVp22H/AjGoVLY.5Dm7ECYS';
if(password_verify($input,$hashed_password)){
echo 'password is valid';
}else{
echo 'Password is invalid';
}
This should return password is valid.