password_hash() creates a hash of a password using a sufficiently strong one-way hash algorithm.
Currently supported algorithms:
PASSWORD_DEFAULT
- Use the bcrypt algorithm (the default as of PHP 5.5.0). Note that this constant will change as PHP adds newer, stronger algorithms. The length of the result generated using this constant can therefore change in the future, so the database column that stores the result should be able to hold more than 60 characters (preferably 255 characters).
PASSWORD_BCRYPT
- Create the hash using the CRYPT_BLOWFISH algorithm. This produces a crypt()-compatible hash using the "$2y$" identifier. The result will be a 60 character string, or false on failure.
PASSWORD_ARGON2I
- Create the hash using the Argon2i hashing algorithm. This algorithm is only available when PHP was compiled with Argon2 support.
PASSWORD_ARGON2ID
- Create the hash using the Argon2id hashing algorithm. This algorithm is only available when PHP was compiled with Argon2 support.
PASSWORD_BCRYPT supported options:
- salt (string) - Manually provided salt for hashing passwords. Providing it prevents the salt from being generated automatically. When this value is omitted, password_hash() automatically generates a random salt for each password hash. This is the intended mode of operation.
  Warning: The salt option is deprecated. For now it is best to use the salt that is generated by default. As of PHP 8.0.0, explicitly specified salt values are ignored.
- cost (int) - The cost used by the algorithm. The crypt() page has examples of cost values. When omitted, the default is 10. This cost is a good baseline, but you may be able to increase it depending on your own hardware.
PASSWORD_ARGON2I and PASSWORD_ARGON2ID supported options:
- memory_cost (int) - Maximum memory (unit: KB) that may be used when computing the Argon2 hash. Default value: PASSWORD_ARGON2_DEFAULT_MEMORY_COST.
- time_cost (int) - Maximum time that computing the Argon2 hash may take. Default value: PASSWORD_ARGON2_DEFAULT_TIME_COST.
- threads (int) - Maximum number of threads to use when computing the Argon2 hash. Default value: PASSWORD_ARGON2_DEFAULT_THREADS.
Hashing:
<?php echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT); ?>
Verifying:
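<?php
// See the password_hash() example to find out where this string came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
// password_verify() reads the algorithm, cost and salt from the hash itself.
if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
?>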
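Because PASSWORD_DEFAULT and the recommended cost change over time, stored hashes need a way to be upgraded. The following is an added example, not part of the original page: it verifies a login and re-hashes the password with the current settings when password_needs_rehash() reports that the stored hash is out of date. The login() helper, the $users array standing in for a database table, and the cost of 12 are assumptions made for illustration.

```php
<?php
// Added example: verify a login, then upgrade the stored hash when the
// configured algorithm or cost has moved on since it was created.

// Target parameters for new hashes. The cost of 12 is an assumed value;
// it applies to bcrypt and should be tuned to your own hardware.
const TARGET_ALGO = PASSWORD_DEFAULT;
const TARGET_OPTIONS = ['cost' => 12];

// Constructed stand-in for a users table (the hash column should allow
// 255 characters). The account starts with an old, low-cost bcrypt hash.
$users = [
    'rasmus' => password_hash('rasmuslerdorf', PASSWORD_BCRYPT, ['cost' => 7]),
];

/**
 * Hypothetical helper: returns true on a valid login and replaces the
 * stored hash when it no longer matches the target parameters.
 */
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false;
    }
    // The plaintext password is only available at login time, so this is
    // the one moment an old hash can be replaced with a stronger one.
    if (password_needs_rehash($stored, TARGET_ALGO, TARGET_OPTIONS)) {
        $users[$name] = password_hash($password, TARGET_ALGO, TARGET_OPTIONS);
    }
    return true;
}

// Inspect the stored hash before and after two login attempts.
$before = password_get_info($users['rasmus']);
var_dump(login($users, 'rasmus', 'wrong-password'));
var_dump(login($users, 'rasmus', 'rasmuslerdorf'));
$after = password_get_info($users['rasmus']);

printf(
    "before: %s %s\nafter:  %s %s\n",
    $before['algoName'], json_encode($before['options']),
    $after['algoName'], json_encode($after['options'])
);
```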