Is it advisable to store multiple passwords in an array and compare them with user input in PHP?
Storing multiple passwords in an array and comparing them with user input in PHP is not a secure practice as it exposes all passwords in plain text. It is recommended to securely hash passwords using a strong hashing algorithm like bcrypt and compare the hashed password with the user input.
// Sample code snippet to securely hash and compare passwords in PHP
// Array of hashed passwords
$hashedPasswords = [
'$2y$10$0jDv6cD2k4zN4O0N6Yy6eO6T9tjBp3Y5m2g5cY7t0n7x1c6z2C8QK', // hashed password 1
'$2y$10$1pQm7xN6z4tM2oJ9c2xP6tE3tI6mK1v0q4e2aZ8n3b5c7z9b3U4W' // hashed password 2
];
// User input password
$userInputPassword = 'password123';
// Hash the user input password
$hashedUserInputPassword = password_hash($userInputPassword, PASSWORD_BCRYPT);
// Compare hashed user input password with hashed passwords in the array
foreach ($hashedPasswords as $hashedPassword) {
if (password_verify($userInputPassword, $hashedPassword)) {
echo 'Password match found!';
break;
}
}
Keywords
Related Questions
- How can a PHP developer ensure that all entries from a database are correctly displayed using document.write in a loop?
- What are the potential pitfalls of trying to use mysqli methods in PDO in PHP 7?
- What is the process for extracting system information from Unix and saving it to an external file for import into a MySQL database using PHP?