Storing passwords in plaintext in a database is a serious risk. Password hashing turns the password into a one-way hash that cannot be reversed (hashing is not encryption: there is no key that turns the hash back into the password), so:

An attacker cannot read the original passwords even if the database is stolen. The most they can do is try guesses against each hash, and a deliberately slow algorithm such as bcrypt makes every guess expensive.

PHP provides safe built-in functions for this: password_hash() and password_verify().

⚙️ 2. Hashing the Password at Registration
<?php
$password = $_POST['password'] ?? '';

if ($password === '') {
    exit("Password is required");
}

// Hash the password. PASSWORD_DEFAULT is bcrypt today; a random salt is
// generated and stored inside the hash string, so no separate salt column is needed
$hash = password_hash($password, PASSWORD_DEFAULT);

// Save $hash (never $password) into the database; $pdo is an existing PDO connection
$stmt = $pdo->prepare("INSERT INTO users (username, email, password) VALUES (:username, :email, :password)");
$stmt->execute([
    'username' => $_POST['username'] ?? '',
    'email'    => $_POST['email'] ?? '',
    'password' => $hash,
]);
?>


💡 Notes:

PASSWORD_DEFAULT selects a secure algorithm (currently bcrypt). Store the result in a column of at least 255 characters: a bcrypt hash is 60 characters today, but the default algorithm and hash length may change in future PHP versions.

The hash differs every time, even for the same password, because password_hash() generates a fresh random salt on each call and embeds it in the hash string.
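To see what the hash string actually contains and why two hashes of the same password differ, here is an added example that is not part of the original tutorial. It runs as a standalone PHP CLI script with no database; the sample password and the 250 ms cost target are constructed values for illustration, and the layout parsing assumes PASSWORD_DEFAULT is still bcrypt.

```php
<?php
// Added example: inspect what password_hash() produces and why it changes.
declare(strict_types=1);

$password = 'correct horse battery staple'; // constructed sample password

// Two hashes of the same password differ because password_hash() draws a
// fresh random salt on every call; the salt is stored inside the hash string.
$hash1 = password_hash($password, PASSWORD_DEFAULT);
$hash2 = password_hash($password, PASSWORD_DEFAULT);
echo "hash1: $hash1\n";
echo "hash2: $hash2\n";
echo 'hash strings identical? ', var_export($hash1 === $hash2, true), "\n";

// Both still verify: password_verify() reads the salt and cost back out of
// the hash string, recomputes, and compares. A wrong password fails on both.
echo 'password verifies against hash1? ', var_export(password_verify($password, $hash1), true), "\n";
echo 'password verifies against hash2? ', var_export(password_verify($password, $hash2), true), "\n";
echo 'wrong password verifies? ', var_export(password_verify('wrong', $hash1), true), "\n";

// Algorithm and cost are readable from the hash; this is what
// password_needs_rehash() compares against its arguments.
print_r(password_get_info($hash1));

// bcrypt layout (assumes PASSWORD_DEFAULT is bcrypt): $2y$<cost>$<22-char salt><31-char hash>
[, $algo, $cost, $saltAndHash] = explode('$', $hash1);
echo "algo=$algo cost=$cost salt=", substr($saltAndHash, 0, 22), "\n";

// Choosing a cost: raise it until one hash takes about 250 ms on this
// machine (loop adapted from the PHP manual's password_hash() notes; the
// target is an assumption to tune for your own servers). Each +1 doubles the work.
$target = 0.25;
$cost   = 9;
do {
    $cost++;
    $start = microtime(true);
    password_hash('benchmark', PASSWORD_BCRYPT, ['cost' => $cost]);
    $elapsed = microtime(true) - $start;
} while ($elapsed < $target && $cost < 31);
echo "cost $cost takes ", round($elapsed * 1000), " ms on this machine\n";

// bcrypt only uses the first 72 bytes of the password; bytes after that are
// ignored, so a 73-byte input verifies against the hash of its first 72 bytes.
$long     = str_repeat('a', 72);
$hashLong = password_hash($long, PASSWORD_BCRYPT);
echo '73-byte input verifies against 72-byte hash? ', var_export(password_verify($long . 'X', $hashLong), true), "\n";
```

Run it with `php hash-inspect.php`. The cost loop is the part worth keeping: pick the highest cost your login endpoint can afford, and record it so the rehash check in section 4 can upgrade older hashes when you raise it later.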

🔑 3. Verifying the Password at Login
<?php
session_start();

$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

// Get the user from the database ($pdo is an existing PDO connection)
$stmt = $pdo->prepare("SELECT id, username, password FROM users WHERE email = :email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// When the email is unknown, still run password_verify() against a dummy hash
// so the response time does not reveal which emails are registered
$storedHash = $user['password'] ?? password_hash('dummy', PASSWORD_DEFAULT);

if ($user && password_verify($password, $storedHash)) {
    // Password is correct: issue a fresh session ID to prevent session fixation
    session_regenerate_id(true);
    $_SESSION['user_id']  = $user['id'];
    $_SESSION['username'] = $user['username'];

    header("Location: dashboard.php");
    exit;
} else {
    // Same message for a wrong password and an unknown email
    echo "❌ Invalid email or password!";
}
?>


💡 Notes:

password_verify() compares the user's password with the stored hash: it reads the salt and cost out of the hash string, hashes the submitted password the same way, and compares the two results in constant time.

It never reverses the hash; there is no way to do that.

🧠 4. Security Tips

Make sure hashing happens server-side (over HTTPS). If the browser sent a hash instead, that hash would simply become the password.

Never store plaintext passwords, and never write them to logs.

Use PDO prepared statements for every query. Hashing protects stored passwords; only parameterised queries prevent SQL injection.

Password rehashing: if the default algorithm or cost changes, rehash the password at the moment the user logs in, right after password_verify() succeeds (the plaintext is only available then):

if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
    $newHash = password_hash($password, PASSWORD_DEFAULT);
    // Replace the old hash in the database
    $stmt = $pdo->prepare("UPDATE users SET password = :password WHERE id = :id");
    $stmt->execute(['password' => $newHash, 'id' => $user['id']]);
}


Minimum password length and complexity: reject short and commonly used passwords. Note that bcrypt only uses the first 72 bytes of the password, so a maximum length above that adds nothing.
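The registration, login and rehash steps from sections 2 to 4 combined into one runnable flow, as an added example that is not the tutorial's code. It keeps users in a PHP array standing in for the PDO-backed users table so it runs offline; the emails, passwords, cost values and the register()/login() helper names are constructed for illustration, and the dummy-hash comparison for unknown emails is an addition the tutorial's snippets do not include.

```php
<?php
// Added example: register, log in, and rehash against an in-memory user
// table (a PHP array standing in for the PDO-backed `users` table).
declare(strict_types=1);

/** @var array<string, array{id:int, hash:string}> $users keyed by email (constructed store) */
$users = [];

// Hashing policy in force. Raising the cost later is the rehash trigger.
$policy = ['cost' => 10];

// A hash to verify against when the email is unknown, so a failed login for
// a missing account costs about the same time as one for a real account.
// Compute it once at startup, not per request.
$dummyHash = password_hash('dummy-password-never-used', PASSWORD_DEFAULT, $policy);

function register(array &$users, string $email, string $password, array $options): bool
{
    // Minimal policy: reject short passwords and duplicate accounts.
    // (bcrypt uses at most the first 72 bytes of the password.)
    if (strlen($password) < 12 || isset($users[$email])) {
        return false;
    }
    $users[$email] = [
        'id'   => count($users) + 1,
        'hash' => password_hash($password, PASSWORD_DEFAULT, $options),
    ];
    return true;
}

// Returns the user id on success, null on any failure (same result for a
// wrong password and an unknown email).
function login(array &$users, string $email, string $password, string $dummyHash, array $options): ?int
{
    $stored = $users[$email]['hash'] ?? $dummyHash;
    $ok     = password_verify($password, $stored);
    if (!$ok || !isset($users[$email])) {
        return null;
    }
    // The plaintext is available only here, so this is where an outdated
    // hash (older algorithm or lower cost) is upgraded transparently.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, $options)) {
        $users[$email]['hash'] = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return $users[$email]['id'];
}

// --- Constructed walk-through ---
$email = 'alice@example.com';
$good  = 'a long enough passphrase';

echo 'short password rejected: ', var_export(!register($users, $email, 'short', $policy), true), "\n";
echo 'registration accepted: ',   var_export(register($users, $email, $good, $policy), true), "\n";
echo 'duplicate rejected: ',      var_export(!register($users, $email, $good, $policy), true), "\n";

echo 'wrong password gives null: ', var_export(login($users, $email, 'wrong password', $dummyHash, $policy) === null, true), "\n";
echo 'unknown email gives null: ',  var_export(login($users, 'nobody@example.com', $good, $dummyHash, $policy) === null, true), "\n";
echo 'correct login gives id: ',    var_export(login($users, $email, $good, $dummyHash, $policy), true), "\n";

// Raise the bcrypt cost from 10 to 12: the old hash still verifies, and the
// next successful login replaces it with a cost-12 hash.
$policy = ['cost' => 12];
$before = $users[$email]['hash'];
login($users, $email, $good, $dummyHash, $policy);
$after = $users[$email]['hash'];
echo 'hash replaced after login: ', var_export($before !== $after, true), "\n";
echo 'cost recorded in new hash: ', password_get_info($after)['options']['cost'], "\n";
```

In a real application the array operations map one-to-one onto the INSERT, SELECT and UPDATE statements shown in sections 2 to 4; the cost is pinned explicitly here so the rehash step behaves the same on every PHP version, since the built-in default cost can change between releases.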

✅ 5. Conclusion

Password hashing is the foundation of a secure authentication system.

PHP makes hashing and verification simple and safe.

No reversible encryption is involved, so an attacker who obtains the database cannot recover the original passwords. They can only run slow guessing attacks against each hash, which is why strong passwords and an adequate cost factor still matter.

🔗 Visit:

👉 https://www.faulink.com/

For more tutorials on PHP, password security, and authentication best practices