PHP5-detailed explanation of the creation and verification methods

If you use php5.5, the hash creation and verification methods are much simpler. PHP5.5 provides us with four functions: password_get_info (), password_hash (), passwor... if you use php5.5, the hash creation and verification methods are much simpler. PHP 5.5 provides us with four functions: password_get_info (), password_hash (), password_needs_rehash (), and password_verify (). with them, we can quickly create and verify the hash.

First, we will discuss the password_hash () function, which will be used to create a new password hash value. It contains three parameters: password, hash algorithm, and option. The first two items are required. you can use this function according to the following example. the code is as follows:

$password = 'foo'; $hash = password_hash($password,PASSWORD_BCRYPT); //$2y$10$uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu

You will notice that we have not added any options to this hash. Currently, two available options are available: cost and salt. to add options, you need to create an associated array. the code is as follows:

$options = [ 'cost' => 10,'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM) ];

After the option is added to the password_hash () function, the hash value is changed, which is safer. the code is as follows:

$hash = password_hash($password,PASSWORD_BCRYPT,$options);//$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22

Now that the hash is created, you can use password_get_info () to view information about the hash value. password_get_info () A parameter -- hash value -- is required and a contains algorithm (represented by an integer of the hash algorithm used) and algorithm name (readable name of the hash algorithm used) are returned) and the associated array of options (which we use to create the hash value option). The code is as follows:

var_dump(password_get_info($hash)); /* array(3) {   ["algo"]=>   int(1)   ["algoName"]=>   string(6) "bcrypt"   ["options"]=>   array(1) { ["cost"]=> int(10)   }}

First, password_needs_rehash () is added to the Password Hashing API. it accepts three parameters: hash, hash algorithm, and option. The first two parameters are required. password_needs_rehash () it is used to check whether a hash value is created using a specific algorithm and option. this is useful when your database is damaged and you need to adjust the hash value. you can use password_needs_rehash () to check each hash value, we can see whether the existing hash value matches the new parameter, only the values created using the old parameter are affected.

Finally, we have created our hash value, checked how it is created, and checked whether it needs to be re-hash. now we need to verify it, to verify the plain text to its hash value, we must use password_verify (). it requires two parameters, password and hash value, and returns TRUE or FALSE, let's check the hashed we obtained once to see if it is correct. the code is as follows:

$ Authenticate = password_verify ('foo', '$ 2y $10 $ Comment'); // TRUE $ authenticate = password_verify ('bar ', '$ 2y $10 $ JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22'); // FALSE Example example #1 password_verify () Example, the code is as follows:
 

With the above knowledge, you can quickly and securely create a hash password in the new PHP 5.5.0 version.

Tutorial link:

Reprint at will ~ However, please keep the tutorial address★