PHP5.5 the simplest way to create and verify a hash

Source: Internet
Author: User
PHP5.5.0 has been released recently and brings a complete list of new features and functions. One of the new APIs is PasswordHashingAPI. It contains four functions: password_get_info (), password_hash (), password_needs_rehash (), and password_ver. we will first discuss the password_hash () function. This will be used as the hash value for creating a new password. It contains three parameters: password, hash algorithm, and option. The first two items are required. You can use this function as follows:
The code is as follows:
$ Password = 'foo ';
$ Hash = password_hash ($ password, PASSWORD_BCRYPT );
// $ 2y $10 $ uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu

You will notice that we have not added any options for this hash. Currently, two available options are available: cost and salt. You need to create an associated array.
The code is as follows:
$ Options = ['cost' => 10,
'Salt' => mcrypt_create_iv (22, MCRYPT_DEV_URANDOM)];

After the option is added to the password_hash () function, our hash value is changed, which is more secure.
The code is as follows:
$ Hash = password_hash ($ password, PASSWORD_BCRYPT, $ options );
// $ 2y $10 $ JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22

Now that the hash is created, you can use password_get_info () to view information about the hash value. Password_get_info () requires a parameter -- hash value -- and returns a contains algorithm (represented by an integer of the hash algorithm used), Algorithm Name (readable name of the hash algorithm used) and the associated array of options (which we use to create the hash value option.
The code is as follows:
Var_dump (password_get_info ($ hash ));
/*
Array (3 ){
["Algo"] =>
Int (1)
["AlgoName"] =>
String (6) "bcrypt"
["Options"] =>
Array (1 ){
["Cost"] =>
Int (10)
}
}
*/

First, password_needs_rehash () is added to the Password Hashing API. it accepts three parameters: hash, hash algorithm, and option. The first two parameters are required. Password_needs_rehash () is used to check whether a hash value is created using a specific algorithm and option. This is useful when your database is damaged and you need to adjust the hash. By using password_needs_rehash () to check each hash value, we can see whether the existing hash value matches the new parameter, only the values created using the old parameter are affected.
Finally, we have created our hash value, checked how it is created, and checked whether it needs to be re-hash. now we need to verify it. To verify the plain text to its hash value, we must use password_verify (). it requires two parameters, password and hash value, and returns TRUE or FALSE. Let's check the hashed we obtained once to see if it is correct.
The code is as follows:
$ Authenticate = password_verify ('foo', '$ 2y $10 $ JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22 ');
// TRUE
$ Authenticate = password_verify ('bar', '$ 2y $10 $ JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22 ');
// FALSE

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.