Getting started
Routing and controllers
Command line
Databases (SQL)
Databases (NoSQL)
Security
Packages
Learn more
- Array helper
- Caching
- Collections
- Command bus (deprecated)
- Command, event and query buses
- Date and time
- Events (deprecated)
- File system
- HTML helper
- Humanizer
- Image manipulation
- Internationalization
- Logging
- Number helper
- Pagination
- Retry helper
- Sessions
- String helper
- URL builder
- UUID helper
- Validation
- Views
Official packages
Password hashing
Using md5
or sha1
hashes for storing passwords is not recommended as they are easy to brute-force with modern hardware. The password hashers included with the framework make it easy to hash and verify your passwords using modern, secure and robust hashing algorithms.
Hashers
Hasher | Requirements |
---|---|
Bcrypt | Always available |
Argon2i | Available if PHP has been compiled with Argon2i support |
Argon2id | Available if PHP has been compiled with Argon2i support |
Usage
We'll be using the Bcrypt hasher in all our examples but all the hashers implement the same interface.
$hasher = new Bcrypt;
// You can also pass an array of algorithm options
$hahser = new Bcrypt(['cost' => 14]);
Check out the official PHP documentation for details regarding the different algorithm options.
The create
method will return a hash of the provided password.
$hash = $hasher->create('foobar');
Note that the length of the password hash may vary depending on the chosen hashing algorithm. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
The verify
method will validate hashes generated using the create
method.
$valid = $hasher->verify('foobar', $hash);
The needsRehash
method returns true
if the provided hash needs to be rehashed and false
if not.
$needsRehash = $hasher->needsRehash($hash);