0
0
PHPprogramming~20 mins

Password hashing with password_hash in PHP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Password Hashing Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
2:00remaining
What is the output of this password verification code?

Consider the following PHP code that hashes a password and then verifies it. What will be the output?

PHP
<?php
$password = 'secret123';
$hash = password_hash($password, PASSWORD_DEFAULT);
if (password_verify('secret123', $hash)) {
    echo 'Access granted';
} else {
    echo 'Access denied';
}
?>
AError: Undefined function password_hash
BAccess denied
CAccess grantedAccess denied
DAccess granted
Attempts:
2 left
💡 Hint

Think about what password_hash and password_verify do together.

🧠 Conceptual
intermediate
1:30remaining
What does PASSWORD_DEFAULT mean in password_hash?

In PHP's password_hash function, what does the constant PASSWORD_DEFAULT represent?

AIt always uses the MD5 hashing algorithm.
BIt disables hashing and stores the password as plain text.
CIt uses the strongest available algorithm currently recommended by PHP.
DIt uses a custom user-defined hashing algorithm.
Attempts:
2 left
💡 Hint

Think about why PHP would choose a default algorithm.

🔧 Debug
advanced
2:30remaining
Why does this password verification always fail?

Look at this PHP code snippet. It tries to verify a password but always prints 'Access denied'. What is the problem?

PHP
<?php
$password = 'mypassword';
$hash = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($password, '$hash')) {
    echo 'Access granted';
} else {
    echo 'Access denied';
}
?>
AThe hash is passed as a string literal instead of the variable, so verification fails.
Bpassword_hash does not generate a valid hash for password_verify.
Cpassword_verify requires the password first, then the hash, but the order is reversed here.
DThe password variable is empty, so verification fails.
Attempts:
2 left
💡 Hint

Check how the hash variable is used inside password_verify.

📝 Syntax
advanced
2:00remaining
Which option correctly hashes and verifies a password?

Which of the following PHP code snippets correctly hashes a password and verifies it?

A
&lt;?php
$pass = 'abc123';
$hash = password_hash($pass, PASSWORD_DEFAULT);
if(password_verify($pass, $hash)) echo 'OK';
?&gt;
B
&lt;?php
$pass = 'abc123';
$hash = password_hash($pass PASSWORD_DEFAULT);
if(password_verify($pass, $hash)) echo 'OK';
?&gt;
C
&lt;?php
$pass = 'abc123';
$hash = password_hash($pass, PASSWORD_DEFAULT)
if(password_verify($pass, $hash)) echo 'OK';
?&gt;
D
&lt;?php
$pass = 'abc123';
$hash = password_hash($pass, PASSWORD_DEFAULT);
if(password_verify($hash, $pass)) echo 'OK';
?&gt;
Attempts:
2 left
💡 Hint

Look carefully for missing commas, semicolons, and argument order.

🚀 Application
expert
3:00remaining
How many items are in the array after this password hash update?

This PHP code stores user passwords hashed. It then updates the hash if the algorithm changes. How many items will be in the $users array after running this code?

PHP
<?php
$users = [
    ['username' => 'alice', 'hash' => password_hash('pass1', PASSWORD_DEFAULT)],
    ['username' => 'bob', 'hash' => password_hash('pass2', PASSWORD_DEFAULT)]
];

foreach ($users as &$user) {
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash('pass' . substr($user['username'], 0, 1), PASSWORD_DEFAULT);
    }
}

// How many items in $users?
A0
B2
C1
DDepends on the PHP version
Attempts:
2 left
💡 Hint

Think about whether the array changes size during the loop.