Storing plaintext passwords in a database is a serious risk. Password hashing transforms the password into a one-way hash that cannot be reversed, so:

An attacker cannot see the original password even if the database is compromised.

PHP provides secure functions for this: password_hash() and password_verify().

βš™οΈ 2. Hashing Password wakati wa Registration
<?php
// Assumes $pdo is an existing PDO connection to the application database.
$password = $_POST['password'] ?? '';

// Hash the password with the current default algorithm (bcrypt); a random
// salt is generated and embedded in the resulting hash.
$hash = password_hash($password, PASSWORD_DEFAULT);

// Save $hash, never the plaintext password, into the database
$stmt = $pdo->prepare("INSERT INTO users (username, email, password) VALUES (:username, :email, :password)");
$stmt->execute([
    'username' => $_POST['username'] ?? '',
    'email'    => $_POST['email'] ?? '',
    'password' => $hash,
]);
?>


💡 Notes:

PASSWORD_DEFAULT selects a secure algorithm (currently bcrypt).

The hash is different every time, even for the same password, because password_hash() generates a fresh random salt on each call.

🔑 3. Verifying the Password at Login
<?php
// Assumes $pdo is an existing PDO connection to the application database.
session_start();

$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

// Get the user record from the database (prepared statement, no string concatenation)
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if ($user && password_verify($password, $user['password'])) {
    // Password is correct: start a fresh session id to prevent session fixation
    session_regenerate_id(true);
    $_SESSION['user_id']  = $user['id'];
    $_SESSION['username'] = $user['username'];

    header("Location: dashboard.php");
    exit;
} else {
    // Same generic message for unknown email and wrong password
    echo "❌ Invalid email or password!";
}
?>


💡 Notes:

password_verify() compares the password the user submitted with the stored hash.

It never reverses the hash; it hashes the submitted password with the same salt and parameters and compares the results.

🧠 4. Security Tips

Make sure hashing happens server-side.

Never store plaintext passwords.

Use PDO prepared statements together with hashing to prevent SQL injection.

Password rehashing: if the default algorithm or its cost changes, you can rehash the password when the user logs in (the plaintext is only available at that moment):

// Inside the successful login branch, after password_verify() has returned true
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
    $newHash = password_hash($password, PASSWORD_DEFAULT);
    // Update the database with $newHash
    $stmt = $pdo->prepare("UPDATE users SET password = :password WHERE id = :id");
    $stmt->execute(['password' => $newHash, 'id' => $user['id']]);
}


Minimum password length & complexity: reject weak passwords.
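The whole flow from sections 2 to 4 (register, verify, rehash on login) as one runnable script. This is an added example, not code from the original tutorial; it assumes an in-memory SQLite PDO connection and a constructed users table instead of the tutorial's MySQL $pdo, so it runs offline.

```php
<?php
// Added example, not from the original tutorial. Uses in-memory SQLite (an
// assumption) so the script runs without a MySQL server.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Registration: store only the hash, never the plaintext password.
function registerUser(PDO $pdo, string $email, string $password, array $opts = []): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT, $opts);
    $stmt = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :password)');
    $stmt->execute(['email' => $email, 'password' => $hash]);
}

// Login: verify against the stored hash, then upgrade the hash if the default
// algorithm or cost has changed since it was created. Returns the user id or null.
function loginUser(PDO $pdo, string $email, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return null; // one generic failure path for unknown email and wrong password
    }
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE id = :id');
        $upd->execute(['hash' => password_hash($password, PASSWORD_DEFAULT), 'id' => $user['id']]);
    }
    return (int) $user['id'];
}

// Constructed sample users. Bob's hash uses a deliberately low bcrypt cost so
// that his first login triggers password_needs_rehash() and the stored hash changes.
registerUser($pdo, 'alice@example.com', 'correct horse battery staple');
registerUser($pdo, 'bob@example.com', 'another strong passphrase', ['cost' => 4]);
$before = $pdo->query("SELECT password FROM users WHERE email = 'bob@example.com'")->fetchColumn();

var_dump(loginUser($pdo, 'alice@example.com', 'correct horse battery staple')); // correct password
var_dump(loginUser($pdo, 'alice@example.com', 'not her password'));             // wrong password
var_dump(loginUser($pdo, 'bob@example.com', 'another strong passphrase'));      // correct, triggers rehash

$after = $pdo->query("SELECT password FROM users WHERE email = 'bob@example.com'")->fetchColumn();
echo "Bob's hash was upgraded on login: ", var_export($before !== $after, true), PHP_EOL;
```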

✅ 5. Conclusion

Password hashing is the foundation of a secure authentication system.

PHP makes hashing and verification simple and secure.

No reversible encryption is needed, so an attacker cannot recover the original password from the stored hash.

🔗 Visit:

👉 https://www.faulink.com/

for more tutorials on PHP, password security, and authentication best practices.