In this tutorial we will learn How to Salt & Hash a Password with Sha256 in PHP.
Syntax for Sha256 encryption
$password=$_POST['password'];
$hasedpassword=hash('sha256',$password);
Signup form
A the time of signup encrypt the password with Sha256 then insert in to database .
<?php
//Database Configuration File
include('config.php');
error_reporting(0);
if(isset($_POST['signup']))
{
//Getting Post Values
$fullname=$_POST['fname'];
$username=$_POST['username'];
$email=$_POST['email'];
$mobile=$_POST['mobilenumber'];
$password=$_POST['password'];
// Password encryption by using Sha256
$hasedpassword=hash('sha256',$password);
// Query for validation of username and email-id
$ret="SELECT * FROM userdata where (UserName=:uname || UserEmail=:uemail)";
$queryt = $dbh -> prepare($ret);
$queryt->bindParam(':uemail',$email,PDO::PARAM_STR);
$queryt->bindParam(':uname',$username,PDO::PARAM_STR);
$queryt -> execute();
$results = $queryt -> fetchAll(PDO::FETCH_OBJ);
if($queryt -> rowCount() == 0)
{
// Query for Insertion
$sql="INSERT INTO userdata(FullName,UserName,UserEmail,UserMobileNumber,LoginPassword) VALUES(:fname,:uname,:uemail,:umobile,:upassword)";
$query = $dbh->prepare($sql);
// Binding Post Values
$query->bindParam(':fname',$fullname,PDO::PARAM_STR);
$query->bindParam(':uname',$username,PDO::PARAM_STR);
$query->bindParam(':uemail',$email,PDO::PARAM_STR);
$query->bindParam(':umobile',$mobile,PDO::PARAM_INT);
$query->bindParam(':upassword',$hasedpassword,PDO::PARAM_STR);
$query->execute();
$lastInsertId = $dbh->lastInsertId();
if($lastInsertId)
{
$msg="You have signup Scuccessfully";
}
else
{
$error="Something went wrong.Please try again";
}
}
else
{
$error="Username or Email-id already exist. Please try again";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>PDO | Registration Form</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/bootstrap-combined.min.css" rel="stylesheet">
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/js/bootstrap.min.js"></script>
<style>
.errorWrap {
padding: 10px;
margin: 0 0 20px 0;
background: #fff;
border-left: 4px solid #dd3d36;
-webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
}
.succWrap{
padding: 10px;
margin: 0 0 20px 0;
background: #fff;
border-left: 4px solid #5cb85c;
-webkit-box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
box-shadow: 0 1px 1px 0 rgba(0,0,0,.1);
}
</style>
<!--Javascript for check username availability-->
<script>
function checkUsernameAvailability() {
$("#loaderIcon").show();
jQuery.ajax({
url: "check_availability.php",
data:'username='+$("#username").val(),
type: "POST",
success:function(data){
$("#username-availability-status").html(data);
$("#loaderIcon").hide();
},
error:function (){
}
});
}
</script>
<!--Javascript for check email availability-->
<script>
function checkEmailAvailability() {
$("#loaderIcon").show();
jQuery.ajax({
url: "check_availability.php",
data:'email='+$("#email").val(),
type: "POST",
success:function(data){
$("#email-availability-status").html(data);
$("#loaderIcon").hide();
},
error:function (){
event.preventDefault();
}
});
}
</script>
</head>
<body>
<form class="form-horizontal" action='' method="post">
<fieldset>
<div id="legend" style="padding-left:4%">
<legend class="">Register | <a href="index.php">Sign in</a></legend>
</div>
<!--Error Message-->
<?php if($error){ ?><div class="errorWrap">
<strong>Error </strong> : <?php echo htmlentities($error);?></div>
<?php } ?>
<!--Success Message-->
<?php if($msg){ ?><div class="succWrap">
<strong>Well Done </strong> : <?php echo htmlentities($msg);?></div>
<?php } ?>
<div class="control-group">
<!-- Full name -->
<label class="control-label" for="fullname">Full Name</label>
<div class="controls">
<input type="text" id="fname" name="fname" pattern="[a-zA-Z\s]+" title="Full name must contain letters only" class="input-xlarge" required>
<p class="help-block">Full can contain any letters only</p>
</div>
</div>
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" onBlur="checkUsernameAvailability()" pattern="^[a-zA-Z][a-zA-Z0-9-_.]{5,12}$" title="User must be alphanumeric without spaces 6 to 12 chars" class="input-xlarge" required>
<span id="username-availability-status" style="font-size:12px;"></span>
<p class="help-block">Username can contain any letters or numbers, without spaces 6 to 12 chars </p>
</div>
</div>
<div class="control-group">
<!-- E-mail -->
<label class="control-label" for="email">E-mail</label>
<div class="controls">
<input type="email" id="email" name="email" placeholder="" onBlur="checkEmailAvailability()" class="input-xlarge" required>
<span id="email-availability-status" style="font-size:12px;"></span>
<p class="help-block">Please provide your E-mail</p>
</div>
</div>
<div class="control-group">
<!-- Mobile Number -->
<label class="control-label" for="mobilenumber">Mobile Number </label>
<div class="controls">
<input type="text" id="mobilenumber" name="mobilenumber" pattern="[0-9]{10}" maxlength="10" title="10 numeric digits only" class="input-xlarge" required>
<p class="help-block">Mobile Number Contain only 10 digit numeric values</p>
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" pattern="^\S{4,}$" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Must have at least 4 characters' : ''); if(this.checkValidity()) form.password_two.pattern = this.value;" required class="input-xlarge">
<p class="help-block">Password should be at least 4 characters</p>
</div>
</div>
<div class="control-group">
<!-- Confirm Password -->
<label class="control-label" for="password_confirm">Password (Confirm)</label>
<div class="controls">
<input type="password" id="password_confirm" name="password_confirm" pattern="^\S{4,}$" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Please enter the same Password as above' : '')"" class="input-xlarge">
<p class="help-block">Please confirm password</p>
</div>
</div>
<div class="control-group">
<!-- Button -->
<div class="controls">
<button class="btn btn-success" type="submit" name="signup">Signup </button>
</div>
</div>
</fieldset>
</form>
<script type="text/javascript">
</script>
</body>
</html>
Login
Step1: Generate a random number
//Generating random number for salt
if(@$_SESSION['randnmbr']==""){
$Alpha22=range("A","Z");
$Alpha12=range("A","Z");
$alpha22=range("a","z");
$alpha12=range("a","z");
$num22=range(1000,9999);
$num12=range(1000,9999);
$numU22=range(99999,10000);
$numU12=range(99999,10000);
$AlphaB22=array_rand($Alpha22);
$AlphaB12=array_rand($Alpha12);
$alphaS22=array_rand($alpha22);
$alphaS12=array_rand($alpha12);
$Num22=array_rand($num22);
$NumU22=array_rand($numU22);
$Num12=array_rand($num12);
$NumU12=array_rand($numU12);
$res22=$Alpha22[$AlphaB22].$num22[$Num22].$Alpha12[$AlphaB12].$numU22[$NumU22].$alpha22[$alphaS22].$num12[$Num12];
$text22=str_shuffle($res22);
$_SESSION['randnum']= $text22;
}
Step2: Encrypt the post password by using Sha256
$password=hash('sha256',$_POST['password']);
Step3: Again Encrypt the Password with random number
$saltedpasswrd=hash('sha256',$password.$_SESSION['randnum']);
Step4 : Fetch stored password from database on the basis of username/email and encrypt the password using sha256 with random number .
After that create a cost .You can configure your cost value according to your server configuration.By Default value is 10.
foreach ($results as $result) {
$fetchpassword=$result->LoginPassword;
// hashing for stored password
$storedpass= hash('sha256',$fetchpassword.$_SESSION['randnum']);
}
//You can configure your cost value according to your server configuration.By Default value is 10.
$options = [
'cost' => 12,
];
Step5: Hashing of the post password
$hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
Step6: Now verify post hash password against stored password by using password_verify() function.
$hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
if(password_verify($storedpass,$hash)){
}
Here is the full code that we have written for login
<?php
session_start();
//Database Configuration File
include('config.php');
error_reporting(0);
if(isset($_POST['login']))
{
//Genrating random number for salt
if(@$_SESSION['randnmbr']==""){
$Alpha22=range("A","Z");
$Alpha12=range("A","Z");
$alpha22=range("a","z");
$alpha12=range("a","z");
$num22=range(1000,9999);
$num12=range(1000,9999);
$numU22=range(99999,10000);
$numU12=range(99999,10000);
$AlphaB22=array_rand($Alpha22);
$AlphaB12=array_rand($Alpha12);
$alphaS22=array_rand($alpha22);
$alphaS12=array_rand($alpha12);
$Num22=array_rand($num22);
$NumU22=array_rand($numU22);
$Num12=array_rand($num12);
$NumU12=array_rand($numU12);
$res22=$Alpha22[$AlphaB22].$num22[$Num22].$Alpha12[$AlphaB12].$numU22[$NumU22].$alpha22[$alphaS22].$num12[$Num12];
$text22=str_shuffle($res22);
$_SESSION['randnum']= $text22;
}
// Getting username/ email and password
$uname=$_POST['username'];
$password=hash('sha256',$_POST['password']);
// Hashing with Random Number
$saltedpasswrd=hash('sha256',$password.$_SESSION['randnum']);
// Fetch stored password from database on the basis of username/email
$sql ="SELECT UserName,UserEmail,LoginPassword FROM userdata WHERE (UserName=:usname || UserEmail=:usname)";
$query= $dbh -> prepare($sql);
$query-> bindParam(':usname', $uname, PDO::PARAM_STR);
$query-> execute();
$results=$query->fetchAll(PDO::FETCH_OBJ);
if($query->rowCount() > 0)
{
foreach ($results as $result) {
$fetchpassword=$result->LoginPassword;
// hashing for stored password
$storedpass= hash('sha256',$fetchpassword.$_SESSION['randnum']);
}
//You can configure your cost value according to your server configuration.By Default value is 10.
$options = [
'cost' => 12,
];
// Hashing of the post password
$hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
// Verifying Post password againt stored password
if(password_verify($storedpass,$hash)){
$_SESSION['userlogin']=$_POST['username'];
echo "<script type='text/javascript'> document.location = 'welcome.php'; </script>";
}
else {
echo "<script>alert('Wrong password');</script>";
}
}
else{
echo "<script>alert('Invalid Details');</script>";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<!-- This file has been downloaded from Bootsnipp.com. Enjoy! -->
<title>PDO | Login form</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="http://netdna.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
</head>
<body>
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet">
<div id="login-overlay" class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h4 class="modal-title" id="myModalLabel">Login Form</h4>
</div>
<div class="modal-body">
<div class="row">
<div class="col-xs-6">
<div class="well">
<form id="loginForm" method="post">
<div class="form-group">
<label for="username" class="control-label">Username / Email id</label>
<input type="text" class="form-control" id="username" name="username" required="" title="Please enter you username or Email-id" placeholder="email or username" >
<span class="help-block"></span>
</div>
<div class="form-group">
<label for="password" class="control-label">Password</label>
<input type="password" class="form-control" id="password" name="password" placeholder="Password" value="" required="" title="Please enter your password">
<span class="help-block"></span>
</div>
<button type="submit" class="btn btn-success btn-block" name="login">Login</button>
</form>
</div>
</div>
<div class="col-xs-6">
<p class="lead">Register now for <span class="text-success">FREE</span></p>
<ul class="list-unstyled" style="line-height: 2">
<li><span class="fa fa-check text-success"></span> Lorem ipsum dolor sit amet</li>
<li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li>
<li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li>
<li><span class="fa fa-check text-success"></span>Lorem ipsum dolor sit amet</li>
<li><span class="fa fa-check text-success"></span> Lorem ipsum dolor sit amet</li>
</ul>
<p><a href="signup.php" class="btn btn-info btn-block">Yes please, register now!</a></p>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
</script>
</body>
</html>
Download Here
