English
English
In the modern internet era, password security is crucial. To protect user privacy, websites typically use password encryption and verification methods to store and process user passwords. This article will explain how to implement these functions using PHP and SQLite.
Password encryption is the process of converting a user’s plaintext password into a seemingly unreadable random string. Even if the database is compromised, the plaintext password will not be exposed. In PHP, you can use the password_hash() function to encrypt passwords.
// Password encryption example
$password = "123456";
$hash = password_hash($password, PASSWORD_DEFAULT);
In the above code, $password is the user’s plaintext password, and $hash is the encrypted password. The password_hash() function will automatically generate the encrypted password based on the current default algorithm.
When a user logs in, it is essential to verify whether the password they enter matches the encrypted password stored in the database to ensure their identity. In PHP, you can use the password_verify() function for verification.
// Password verification example
$password = "123456";
$hash = "$2y$10$KZxpkRfkBrmJr9X11qaIjeJf1cgjF9OXmcruE/YqLqKx6F79KRjlC";
if (password_verify($password, $hash)) {
echo "Password verified successfully";
} else {
echo "Password verification failed";
}
In this example, $password is the plaintext password entered by the user, and $hash is the encrypted password retrieved from the database. By calling the password_verify() function, you can check whether the entered password matches the one stored in the database.
In this example, we use SQLite to store user passwords. SQLite is a lightweight embedded database that does not require an external database server, making it suitable for small projects and personal use.
First, create an SQLite database and a user table to store password information.
// Create SQLite database
$db = new SQLite3("mydb.db");
// Create user table
$query = "CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
password TEXT NOT NULL
);";
$db->exec($query);
Next, we will store the encrypted password in the database.
// Store password in database
$password = "123456";
$hash = password_hash($password, PASSWORD_DEFAULT);
$query = "INSERT INTO users (username, password) VALUES ('user1', '$hash')";
$db->exec($query);
Once the password is encrypted and stored, we need to verify the password when the user logs in.
// User login
$username = "user1";
$password = "123456";
// Retrieve password from the database
$query = "SELECT password FROM users WHERE username = '$username'";
$result = $db->querySingle($query);
// Verify password
if (password_verify($password, $result)) {
echo "Login successful";
} else {
echo "Login failed";
}
// Close database connection
$db->close();
Through this example, we can implement password encryption and verification, ensuring the security of user passwords and protecting their sensitive information.
PHP and SQLite provide a simple and effective way to implement password encryption and verification. By using these functions properly, we can improve the security of our system and protect users' privacy.
