Password hash with postgres


Today I am facing a new challenge: implementing password security with the PASSWORD HASH encryption method. I am working with Postgres and PHP, but browsing the web I find information about md5, which, to this day, is not safe anymore, and for password hash I found a very good video; however, it is implemented with MySQL, and actually I'm just getting into programming and I do not know how to make it work for Postgres.

If anyone knows how to achieve it or knows another way to implement this method for postgres, I would appreciate it very much.

It is worth mentioning that I am currently working with md5.

HTML code

<?php
include_once "includes/valid/validUser.php";
include_once "includes/bdConection.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta charset="UTF-8" />
  </head>
  <body>
    <div id="content">
      <div class="testbox">
        <h1>Inicio de sesi&oacute;n</h1><hr/>
        <!-- PHP_SELF is escaped because it reflects the request URL -->
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
          <label id="icon" for="name"><i class="icon-user"></i></label>
          <input type="number" class="inputLogin" name="userNameLogin" placeholder="Código de Usuario" required />
          <label id="icon" for="name"><i class="icon-shield"></i></label>
          <input type="password" class="inputLogin" name="passwordLogin" value="" placeholder="Contraseña" required />
          <input type="submit" class="btn btn-info btn-responsive btninter center" id="button" name="submit" value="Ingresar" />
        </form>
      </div>
    </div>
  </body>
</html>

validUser.php code

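<?php
include_once "includes/bdConection.php";

session_start();
$error = "";
if (isset($_POST['submit'])) {
    // Field names come from the login form; md5 is assumed here because the post says it is in use
    $userName = $_POST['userNameLogin'];
    $password = md5($_POST['passwordLogin']);

    // Parameterized query: user input is never concatenated into the SQL text
    $query = 'SELECT * FROM users WHERE id_user = $1 AND pw = $2';
    $result = pg_query_params($conn, $query, array($userName, $password))
        or die('Query failed: ' . pg_last_error());
    if (pg_num_rows($result) != 1) {
        //do error stuff
        $error = "<b> Usuario o contraseña incorrectos</b>";
    } else {
        $_SESSION['varname'] = $userName;
        $_SESSION['start'] = time();
        $_SESSION['expire'] = $_SESSION['start'] + (60 * 60);
        // No output before header(), otherwise the redirect fails
        header("Location: ../index.php");
        exit;
    }
}
echo "<p> $error </p>";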
asked by IndiraRivas 21.03.2018 at 18:29

2 answers


I'll tell you a series of things, first:

  • You will have to use password_hash() to hash the password, that is, turn it into a combination of letters and numbers as well as characters.
  • The result is a string of 60 characters, so you must check that your varchar field accepts that length.
  • The password_hash() method is from PHP, not from the database manager, and is available from version 5.5.0 onwards.
  • This is an example:

    /* PASSWORD_BCRYPT generates a 60-character hash, so you must also check the length of your VARCHAR field, which has to be large enough to store that value */
    $valorHash = password_hash("AlfredoPaz", PASSWORD_BCRYPT);
    echo $valorHash;
    /* The value obtained from the previous operation is: */
    $valorHash = '$2y$10$DicZpj8Jepva9ajp.4w8cu8i1XDP1q4pRppEZWSB1MvAhc40tsPIm';
    /* now with the password_verify function we check whether the stored hash matches what the user sends */
    if (password_verify('AlfredoPaz', $valorHash)) {
        echo "Datos coincidentes";      // matching data
    } else {
        echo "Datos no coincidentes";   // data does not match
    }

In a more condensed form it could look like this:

    $valorHash = password_hash("AlfredoPaz", PASSWORD_BCRYPT);
    if (password_verify('AlfredoPaz', $valorHash)) {
        echo "Datos coincidentes";      // matching data
    } else {
        echo "Datos no coincidentes";   // data does not match
    }

This returns matching data, but if I add a space between Alfredo and Paz it will return unmatched data.

answered 21.03.2018 at 18:57
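
The following is an added example, not code from the question or from either answer: it applies password_hash() and password_verify() to the Postgres users table from the question (columns id_user and pw) and upgrades existing md5 rows on the next successful login. The function names, the 32-hex-character test for legacy md5 values and the varchar(255) column width are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the users(id_user, pw) table
// from the question, with pw widened first, e.g.:
//   ALTER TABLE users ALTER COLUMN pw TYPE varchar(255);

/** Store a new or changed password as a salted hash produced by PHP. */
function setPassword($conn, int $idUser, string $plain): bool
{
    $hash = password_hash($plain, PASSWORD_DEFAULT);   // bcrypt today, 60 chars
    $res  = pg_query_params($conn,
        'UPDATE users SET pw = $1 WHERE id_user = $2', [$hash, $idUser]);
    return $res !== false && pg_affected_rows($res) === 1;
}

/** True when $stored matches $plain; also accepts legacy unsalted md5 rows. */
function passwordMatches(string $plain, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {   // legacy md5 hex digest
        return hash_equals($stored, md5($plain));
    }
    return password_verify($plain, $stored);
}

/** Check a login and upgrade the stored hash when it is md5 or outdated. */
function login($conn, int $idUser, string $plain): bool
{
    // Look the row up by user only; the password is compared in PHP, not in SQL.
    $res = pg_query_params($conn,
        'SELECT pw FROM users WHERE id_user = $1', [$idUser]);
    $row = $res ? pg_fetch_assoc($res) : false;
    if (!$row || !passwordMatches($plain, $row['pw'])) {
        return false;               // same result for unknown user and bad password
    }
    if (password_needs_rehash($row['pw'], PASSWORD_DEFAULT)) {
        setPassword($conn, $idUser, $plain);   // md5 or old cost: re-hash now
    }
    return true;
}

// Usage inside validUser.php (form field names are the ones from the question):
// if (login($conn, (int) $_POST['userNameLogin'], $_POST['passwordLogin'])) {
//     session_regenerate_id(true);
//     $_SESSION['varname'] = (int) $_POST['userNameLogin'];
// }
```

Because every bcrypt hash carries its own random salt, the stored value cannot be matched with `AND pw = ...` in SQL; the row is fetched by id_user and compared in PHP.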

The encryption method belongs to PHP, not the database.

Hash example:

    echo hash('ripemd160', 'The quick brown fox jumped over the lazy dog.');

The result would be

answered 21.03.2018 at 18:36