The new password_* methods are only available as of PHP 5.5: http://www.php.net/manual/en/function.password-hash.php Take a look at this library that provides forward compatibility: https://github.com/ircmaxell/password_compat You can use that to get access to the new password_* methods until you are able to run PHP 5.5.
So let’s take it one part at a time but it returns a different hash every time That’s the idea. password_hash is designed to generate a random salt every time. This means you have to break each hash individually instead of guessing one salt used for everything and having a huge leg up. There’s no … Read more
There are a variety of reasons why password_verify could be returning false, it can range from the setup of your table to the actual comparing of the password, below are the common causes of it failing. Column Setup The length of the password column in your table is too short: If you are using PASSWORD_DEFAULT … Read more
Here is what I use for password_hash and password_verify. Try it out as written, you can then start adding in the rest of your code once successful. Modify table and column name(s) to suit. N.B.: This is a basic insertion method. I suggest you use prepared statements instead. Sidenote: The password column needs to be … Read more
Ignoring the issues with your database statements for now, I’ll answer the question regarding password_hash. In short, no, that is not how you do it. You do not want to store the salt alone, you should be storing both the hash and salt, and then using both to verify the password. password_hash returns a string … Read more
Using password_hash is the recommended way to store passwords. Don’t separate them to DB and files. Let’s say we have the following input: $password = $_POST[‘password’]; You first hash the password by doing this: $hashed_password = password_hash($password, PASSWORD_DEFAULT); Then see the output: var_dump($hashed_password); As you can see it’s hashed. (I assume you did those steps). … Read more