PHP includes a dedicated password API. Use it instead of plain hashing functions for login passwords.
Code examples
$hash = password_hash($password, PASSWORD_DEFAULT);
Verify a login attempt:
if (password_verify($password, $hash)) {
// Password is valid.
}
Common errors
Do not use md5(), sha1(), or raw hash('sha256', ...) for password storage. Those functions are not password hashing APIs.
Related tool
Try the PHP Password Hash Generator Helper.