We first discuss the Password_hash () function. This will be used as a hash value for creating a new password. It contains three parameters: password, hash algorithm, options. The first two items are required. You can use this function according to the following example:
Copy CodeThe code is as follows:
$password = ' Foo ';
$hash = Password_hash ($password, Password_bcrypt);
$2y$10$uoegxj09qznqskvpfxr61uwjpjbxvdh2kgjqvnodzjnglhs2wtwhu
You will notice that we do not add any options to this hash. The options available now are limited to two: cost and salt. Demon Add option you need to create an associative array.
Copy CodeThe code is as follows:
$options = [' cost ' = = 10,
' Salt ' = Mcrypt_create_iv (mcrypt_dev_urandom)];
After adding the option to the Password_hash () function, our hash value is changed, which makes it more secure.
Copy CodeThe code is as follows:
$hash = Password_hash ($password, Password_bcrypt, $options);
$2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22
Now that the hash has been created, we can view the new hash with Password_get_info () worth the information. Password_get_info () requires a parameter--the hash value--and returns an associative array that contains the algorithm (the integer representation of the hash algorithm used), the algorithm name (the readable name of the hash algorithm used), and the option (which we use to create the hash-worthy option).
Copy CodeThe code is as follows:
Var_dump (Password_get_info ($hash));
/*
Array (3) {
["Algo"]=>
Int (1)
["AlgoName"]=>
String (6) "Bcrypt"
["Options"]=>
Array (1) {
["Cost"]=>
Int (10)
}
}
*/
The first one to be added to the Password Hashing API is Password_needs_rehash (), which accepts three parameters, hash, hash algorithm, and options, and the first two are required. Password_needs_rehash () is used to check whether a hash value was created using a specific algorithm and options. This is useful if your database is damaged and you need to adjust the hash. By using Password_needs_rehash () to check each hash value, we can see if the existing hash value matches the new parameter, only those values created with the old parameter are affected.
Finally, we've created our hash value, looked at how it was created, checked to see if it needed to be hashed, and now we need to verify it. To verify plain text to its hash value, we must use Password_verify (), which requires two parameters, a password and a hash value, and will return TRUE or FALSE. Let's check if we get the hashed to see if it's right.
Copy CodeThe code is as follows:
$authenticate = password_verify (' foo ', ' $2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22 ');
TRUE
$authenticate = password_verify (' Bar ', ' $2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22 ');
FALSE
http://www.bkjia.com/PHPjc/825081.html www.bkjia.com true http://www.bkjia.com/PHPjc/825081.html techarticle we first discuss the Password_hash () function. This will be used as a hash value for creating a new password. It contains three parameters: password, hash algorithm, options. The first two items are required. You can ...