In this tutorial we will learn How to Salt & Hash a Password with Sha256 in PHP.
Syntax for Sha256 encryption
$password=$_POST['password']; $hasedpassword=hash('sha256',$password);
Signup form
A the time of signup encrypt the password with Sha256 then insert in to database .
<?php //Database Configuration File include('config.php'); error_reporting(0); if(isset($_POST['signup'])) { //Getting Post Values $fullname=$_POST['fname']; $username=$_POST['username']; $email=$_POST['email']; $mobile=$_POST['mobilenumber']; $password=$_POST['password']; // Password encryption by using Sha256 $hasedpassword=hash('sha256',$password); // Query for validation of username and email-id $ret="SELECT * FROM userdata where (UserName=:uname || UserEmail=:uemail)"; $queryt = $dbh -> prepare($ret); $queryt->bindParam(':uemail',$email,PDO::PARAM_STR); $queryt->bindParam(':uname',$username,PDO::PARAM_STR); $queryt -> execute(); $results = $queryt -> fetchAll(PDO::FETCH_OBJ); if($queryt -> rowCount() == 0) { // Query for Insertion $sql="INSERT INTO userdata(FullName,UserName,UserEmail,UserMobileNumber,LoginPassword) VALUES(:fname,:uname,:uemail,:umobile,:upassword)"; $query = $dbh->prepare($sql); // Binding Post Values $query->bindParam(':fname',$fullname,PDO::PARAM_STR); $query->bindParam(':uname',$username,PDO::PARAM_STR); $query->bindParam(':uemail',$email,PDO::PARAM_STR); $query->bindParam(':umobile',$mobile,PDO::PARAM_INT); $query->bindParam(':upassword',$hasedpassword,PDO::PARAM_STR); $query->execute(); $lastInsertId = $dbh->lastInsertId(); if($lastInsertId) { $msg="You have signup Scuccessfully"; } else { $error="Something went wrong.Please try again"; } } else { $error="Username or Email-id already exist. Please try again"; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>PDO | Registration Form</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/bootstrap-combined.min.css" rel="stylesheet"> <script src="http://code.jquery.com/jquery-1.11.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/js/bootstrap.min.js"></script> <style> .errorWrap { padding: 10px; margin: 0 0 20px 0; background: #fff; border-left: 4px solid #dd3d36; -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); } .succWrap{ padding: 10px; margin: 0 0 20px 0; background: #fff; border-left: 4px solid #5cb85c; -webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); box-shadow: 0 1px 1px 0 rgba(0,0,0,.1); } </style> <!--Javascript for check username availability--> <script> function checkUsernameAvailability() { $("#loaderIcon").show(); jQuery.ajax({ url: "check_availability.php", data:'username='+$("#username").val(), type: "POST", success:function(data){ $("#username-availability-status").html(data); $("#loaderIcon").hide(); }, error:function (){ } }); } </script> <!--Javascript for check email availability--> <script> function checkEmailAvailability() { $("#loaderIcon").show(); jQuery.ajax({ url: "check_availability.php", data:'email='+$("#email").val(), type: "POST", success:function(data){ $("#email-availability-status").html(data); $("#loaderIcon").hide(); }, error:function (){ event.preventDefault(); } }); } </script> </head> <body> <form class="form-horizontal" action='' method="post"> <fieldset> <div id="legend" style="padding-left:4%"> <legend class="">Register | <a href="index.php">Sign in</a></legend> </div> <!--Error Message--> <?php if($error){ ?><div class="errorWrap"> <strong>Error </strong> : <?php echo htmlentities($error);?></div> <?php } ?> <!--Success Message--> <?php if($msg){ ?><div class="succWrap"> <strong>Well Done </strong> : <?php echo htmlentities($msg);?></div> <?php } ?> <div class="control-group"> <!-- Full name --> <label class="control-label" for="fullname">Full Name</label> <div class="controls"> <input type="text" id="fname" name="fname" pattern="[a-zA-Z\s]+" title="Full name must contain letters only" class="input-xlarge" required> <p class="help-block">Full can contain any letters only</p> </div> </div> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" onBlur="checkUsernameAvailability()" pattern="^[a-zA-Z][a-zA-Z0-9-_.]{5,12}$" title="User must be alphanumeric without spaces 6 to 12 chars" class="input-xlarge" required> <span id="username-availability-status" style="font-size:12px;"></span> <p class="help-block">Username can contain any letters or numbers, without spaces 6 to 12 chars </p> </div> </div> <div class="control-group"> <!-- E-mail --> <label class="control-label" for="email">E-mail</label> <div class="controls"> <input type="email" id="email" name="email" placeholder="" onBlur="checkEmailAvailability()" class="input-xlarge" required> <span id="email-availability-status" style="font-size:12px;"></span> <p class="help-block">Please provide your E-mail</p> </div> </div> <div class="control-group"> <!-- Mobile Number --> <label class="control-label" for="mobilenumber">Mobile Number </label> <div class="controls"> <input type="text" id="mobilenumber" name="mobilenumber" pattern="[0-9]{10}" maxlength="10" title="10 numeric digits only" class="input-xlarge" required> <p class="help-block">Mobile Number Contain only 10 digit numeric values</p> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" pattern="^\S{4,}$" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Must have at least 4 characters' : ''); if(this.checkValidity()) form.password_two.pattern = this.value;" required class="input-xlarge"> <p class="help-block">Password should be at least 4 characters</p> </div> </div> <div class="control-group"> <!-- Confirm Password --> <label class="control-label" for="password_confirm">Password (Confirm)</label> <div class="controls"> <input type="password" id="password_confirm" name="password_confirm" pattern="^\S{4,}$" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Please enter the same Password as above' : '')"" class="input-xlarge"> <p class="help-block">Please confirm password</p> </div> </div> <div class="control-group"> <!-- Button --> <div class="controls"> <button class="btn btn-success" type="submit" name="signup">Signup </button> </div> </div> </fieldset> </form> <script type="text/javascript"> </script> </body> </html>
Login
Step1: Generate a random number
//Generating random number for salt if(@$_SESSION['randnmbr']==""){ $Alpha22=range("A","Z"); $Alpha12=range("A","Z"); $alpha22=range("a","z"); $alpha12=range("a","z"); $num22=range(1000,9999); $num12=range(1000,9999); $numU22=range(99999,10000); $numU12=range(99999,10000); $AlphaB22=array_rand($Alpha22); $AlphaB12=array_rand($Alpha12); $alphaS22=array_rand($alpha22); $alphaS12=array_rand($alpha12); $Num22=array_rand($num22); $NumU22=array_rand($numU22); $Num12=array_rand($num12); $NumU12=array_rand($numU12); $res22=$Alpha22[$AlphaB22].$num22[$Num22].$Alpha12[$AlphaB12].$numU22[$NumU22].$alpha22[$alphaS22].$num12[$Num12]; $text22=str_shuffle($res22); $_SESSION['randnum']= $text22; }
Step2: Encrypt the post password by using Sha256
$password=hash('sha256',$_POST['password']);
Step3: Again Encrypt the Password with random number
$saltedpasswrd=hash('sha256',$password.$_SESSION['randnum']);
Step4 : Fetch stored password from database on the basis of username/email and encrypt the password using sha256 with random number .
After that create a cost .You can configure your cost value according to your server configuration.By Default value is 10.
foreach ($results as $result) { $fetchpassword=$result->LoginPassword; // hashing for stored password $storedpass= hash('sha256',$fetchpassword.$_SESSION['randnum']); } //You can configure your cost value according to your server configuration.By Default value is 10. $options = [ 'cost' => 12, ];
Step5: Hashing of the post password
$hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
Step6: Now verify post hash password against stored password by using password_verify() function.
$hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options); if(password_verify($storedpass,$hash)){ }
Here is the full code that we have written for login
<?php session_start(); //Database Configuration File include('config.php'); error_reporting(0); if(isset($_POST['login'])) { //Genrating random number for salt if(@$_SESSION['randnmbr']==""){ $Alpha22=range("A","Z"); $Alpha12=range("A","Z"); $alpha22=range("a","z"); $alpha12=range("a","z"); $num22=range(1000,9999); $num12=range(1000,9999); $numU22=range(99999,10000); $numU12=range(99999,10000); $AlphaB22=array_rand($Alpha22); $AlphaB12=array_rand($Alpha12); $alphaS22=array_rand($alpha22); $alphaS12=array_rand($alpha12); $Num22=array_rand($num22); $NumU22=array_rand($numU22); $Num12=array_rand($num12); $NumU12=array_rand($numU12); $res22=$Alpha22[$AlphaB22].$num22[$Num22].$Alpha12[$AlphaB12].$numU22[$NumU22].$alpha22[$alphaS22].$num12[$Num12]; $text22=str_shuffle($res22); $_SESSION['randnum']= $text22; } // Getting username/ email and password $uname=$_POST['username']; $password=hash('sha256',$_POST['password']); // Hashing with Random Number $saltedpasswrd=hash('sha256',$password.$_SESSION['randnum']); // Fetch stored password from database on the basis of username/email $sql ="SELECT UserName,UserEmail,LoginPassword FROM userdata WHERE (UserName=:usname || UserEmail=:usname)"; $query= $dbh -> prepare($sql); $query-> bindParam(':usname', $uname, PDO::PARAM_STR); $query-> execute(); $results=$query->fetchAll(PDO::FETCH_OBJ); if($query->rowCount() > 0) { foreach ($results as $result) { $fetchpassword=$result->LoginPassword; // hashing for stored password $storedpass= hash('sha256',$fetchpassword.$_SESSION['randnum']); } //You can configure your cost value according to your server configuration.By Default value is 10. $options = [ 'cost' => 12, ]; // Hashing of the post password $hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options); // Verifying Post password againt stored password if(password_verify($storedpass,$hash)){ $_SESSION['userlogin']=$_POST['username']; echo "<script type='text/javascript'> document.location = 'welcome.php'; </script>"; } else { echo "<script>alert('Wrong password');</script>"; } } else{ echo "<script>alert('Invalid Details');</script>"; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <!-- This file has been downloaded from Bootsnipp.com. Enjoy! --> <title>PDO | Login form</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="http://netdna.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet"> <script src="http://code.jquery.com/jquery-1.11.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script> </head> <body> <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"> <div id="login-overlay" class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <h4 class="modal-title" id="myModalLabel">Login Form</h4> </div> <div class="modal-body"> <div class="row"> <div class="col-xs-6"> <div class="well"> <form id="loginForm" method="post"> <div class="form-group"> <label for="username" class="control-label">Username / Email id</label> <input type="text" class="form-control" id="username" name="username" required="" title="Please enter you username or Email-id" placeholder="email or username" > <span class="help-block"></span> </div> <div class="form-group"> <label for="password" class="control-label">Password</label> <input type="password" class="form-control" id="password" name="password" placeholder="Password" value="" required="" title="Please enter your password"> <span class="help-block"></span> </div> <button type="submit" class="btn btn-success btn-block" name="login">Login</button> </form> </div> </div> <div class="col-xs-6"> <p class="lead">Register now for <span class="text-success">FREE</span></p> <ul class="list-unstyled" style="line-height: 2"> <li><span class="fa fa-check text-success"></span> Lorem ipsum dolor sit amet</li> <li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li> <li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li> <li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li> <li><span class="fa fa-check text-success"></span> Lorem ipsum dolor sit amet</li> </ul> <p><a href="signup.php" class="btn btn-info btn-block">Yes please, register now!</a></p> </div> </div> </div> </div> </div> <script type="text/javascript"> </script> </body> </html>Download Here