Revision: 58377
Updated Code
at July 11, 2012 22:18 by ptodorov
//
// PassHash.php (Utility class):
//
// Requires PHP 7.0+ (random_bytes()). On PHP 5.5+ the built-in
// password_hash() / password_verify() pair does the same job and is the
// preferred way to do this; the class below shows what those calls do.
class PassHash {
    // bcrypt (Blowfish-based). '$2y' is the corrected identifier added in
    // PHP 5.3.7; '$2a' hashes from the older, buggy implementation can differ
    // for passwords containing 8-bit characters. Hashes already stored with
    // '$2a$' still verify, because check_password() takes the algorithm,
    // cost and salt from the stored hash itself.
    private static $algo = '$2y';
    // cost parameter: 2^10 rounds; raise it as hardware gets faster
    private static $cost = '$10';
    // mainly for internal use: 22 characters from the bcrypt salt alphabet
    // [./A-Za-z0-9], drawn from the OS CSPRNG. mt_rand() is predictable, and
    // sha1(mt_rand()) carried only ~31 bits of entropy into the salt.
    public static function unique_salt() {
        return substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    }
    // this will be used to generate a hash
    public static function hash($password) {
        return crypt($password,
                     self::$algo .
                     self::$cost .
                     '$' . self::unique_salt());
    }
    // this will be used to compare a password against a hash
    public static function check_password($hash, $password) {
        // crypt() reads algorithm, cost and salt from the stored hash, so the
        // first 29 characters ('$2y$10$' plus the 22-character salt) suffice
        $new_hash = crypt($password, substr($hash, 0, 29));
        // crypt() returns a short failure marker ('*0' or '*1') for a bad
        // salt; a bcrypt hash is always 60 characters, so a marker can never
        // compare equal. hash_equals() compares in constant time (PHP 5.6+).
        return strlen($new_hash) === 60 && hash_equals($hash, $new_hash);
    }
}
///////////////////////////////////////////////////////////////////
//
// Usage during registration (creating a new user record) :
//
///////////////////////////////////////////////////////////////////
// include the class
require ("PassHash.php");
// read all form input from $_POST
// ...
// do your regular form validation stuff
// ...
// hash the password
$pass_hash = PassHash::hash($_POST['password']);
// store all user info in the DB, excluding $_POST['password']
// store $pass_hash instead
// ...
///////////////////////////////////////////////////////////////////
//
// Usage during login (checking the user record) :
//
///////////////////////////////////////////////////////////////////
// include the class
require ("PassHash.php");
// read all form input from $_POST
// ...
// fetch the user record based on $_POST['username'] or similar
// ...
// check the password the user tried to login with
if (PassHash::check_password($user['pass_hash'], $_POST['password'])) {
// grant access
// ...
} else {
// deny access
// ...
}
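The registration and login flows above leave two operational details to the caller: what to do when a stored value is not a bcrypt hash at all (a truncated column, or crypt()'s own '*0' failure marker, which a naive `==` against a fresh crypt() failure would accept), and how to raise the cost or move from '$2a$' to '$2y$' without forcing a password reset. The following is an added example, not code from the original snippet or from the Nettuts article it credits. It assumes PHP 7.1+; the helper names `parse_bcrypt`, `needs_rehash`, `verify` and `login`, the `CURRENT_COST` policy value and the `$user` record are all constructed for the illustration.

```php
<?php
// Added example, not part of the original snippet. Assumes PHP 7.1+.
// The hypothetical helpers below accept hashes produced by PassHash::hash()
// above ('$2a$' or '$2y$', cost 10) and add two checks the class leaves to the
// caller: refusing malformed hashes, and upgrading the cost on a successful login.

const CURRENT_COST = 12;   // assumed current cost policy; the class above uses 10

// Split '$2y$10$' + 22-char salt + 31-char digest into its parts, or return
// null if the string is not a bcrypt hash at all (e.g. crypt()'s '*0' failure
// marker, or a value truncated by a too-short database column).
function parse_bcrypt(string $hash): ?array {
    if (!preg_match('#^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{53})$#', $hash, $m)) {
        return null;
    }
    return ['ident' => $m[1], 'cost' => (int)$m[2], 'salt' => substr($m[3], 0, 22)];
}

// A stored hash should be regenerated when it carries the legacy '$2a$'
// identifier or a cost below the current policy.
function needs_rehash(string $hash, int $cost = CURRENT_COST): bool {
    $p = parse_bcrypt($hash);
    return $p === null || $p['ident'] !== '2y' || $p['cost'] < $cost;
}

// Constant-time verification that never feeds garbage to crypt(): with a
// malformed stored value, crypt() returns '*0' for every input, and a naive
// '*0' == '*0' comparison would accept any password.
function verify(string $hash, string $password): bool {
    if (parse_bcrypt($hash) === null) {
        return false;
    }
    return hash_equals($hash, crypt($password, $hash));
}

// Login flow: verify first, then transparently move the record to the current
// parameters while the plaintext is still in hand.
function login(array &$user, string $password): bool {
    if (!verify($user['pass_hash'], $password)) {
        return false;
    }
    if (needs_rehash($user['pass_hash'])) {
        $user['pass_hash'] = password_hash($password, PASSWORD_BCRYPT, ['cost' => CURRENT_COST]);
        // persist with a prepared statement, e.g. (hypothetical $db handle):
        // $db->prepare('UPDATE users SET pass_hash = ? WHERE id = ?')
        //    ->execute([$user['pass_hash'], $user['id']]);
    }
    return true;
}

// Constructed demo record: a legacy '$2a$', cost-10 hash of the kind the
// original class produced.
$legacy_salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$user = ['id' => 1, 'pass_hash' => crypt('correct horse', '$2a$10$' . $legacy_salt)];

$before  = $user['pass_hash'];
$wrong   = login($user, 'wrong password');   // wrong password
$right   = login($user, 'correct horse');    // right password, triggers rehash
$garbage = verify('*0', 'anything');         // malformed stored value
$upgraded = $before !== $user['pass_hash'] && substr($user['pass_hash'], 0, 7) === '$2y$12$';

printf("wrong=%s right=%s garbage=%s upgraded=%s\n",
    var_export($wrong, true), var_export($right, true),
    var_export($garbage, true), var_export($upgraded, true));
```

Run with `php example.php`: the wrong password and the '*0' value are rejected, the correct password is accepted, and the record now holds a '$2y$12$' hash, so a later `PassHash::check_password()` call still works because crypt() takes its parameters from the stored string. The rehash happens only after a successful verification, which is the one moment the application legitimately holds the plaintext; do the UPDATE inside the same request and never write the plaintext to a log or session.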
Revision: 58376
Initial Code
at July 11, 2012 16:48 by ptodorov
//
// PassHash.php (Utility class):
//
class PassHash {
// blowfish
private static $algo = '$2a';
// cost parameter
private static $cost = '$10';
// mainly for internal use
public static function unique_salt() {
return substr(sha1(mt_rand()),0,22);
}
// this will be used to generate a hash
public static function hash($password) {
return crypt($password,
self::$algo .
self::$cost .
'$' . self::unique_salt());
}
// this will be used to compare a password against a hash
public static function check_password($hash, $password) {
$full_salt = substr($hash, 0, 29);
$new_hash = crypt($password, $full_salt);
return ($hash == $new_hash);
}
}
///////////////////////////////////////////////////////////////////
//
// Usage during registration (creating a new user record) :
//
///////////////////////////////////////////////////////////////////
// include the class
require ("PassHash.php");
// read all form input from $_POST
// ...
// do your regular form validation stuff
// ...
// hash the password
$pass_hash = PassHash::hash($_POST['password']);
// store all user info in the DB, excluding $_POST['password']
// store $pass_hash instead
// ...
///////////////////////////////////////////////////////////////////
//
// Usage during login (checking the user record) :
//
///////////////////////////////////////////////////////////////////
// include the class
require ("PassHash.php");
// read all form input from $_POST
// ...
// fetch the user record based on $_POST['username'] or similar
// ...
// check the password the user tried to login with
if (PassHash::check_password($user['pass_hash'], $_POST['password']) {
// grant access
// ...
} else {
// deny access
// ...
}
Initial URL
http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
Initial Description
Nice implementation of Blowfish for storing user passwords to prevent decryption when, for example, the user database is compromised. Origin: Burak Guzel@Nettuts
Initial Title
Password storing/checking class. Keeping passwords safe.
Initial Tags
login, security
Initial Language
PHP