The easiest way to create and validate a hash using PHP 5.5

Source: Internet
Author: User
Tags array contains functions hash new features requires

The PHP 5.5.0 was released yesterday and brings a complete list of new features and functions. One of the new APIs is the password hashing API. It contains 4 functions: Password_get_info (), Password_hash (), Password_needs_rehash (), and Password_ Verify (). Let's take a step-by-step look at each function.

We first discuss the Password_hash () function. This will be used as a hash value for creating a new password. It contains three parameters: password, hash algorithm, option. The first two items are required. You can use this function according to the following example:

1 $password = ' Foo ';
2 $hash = Password_hash ($password, Password_bcrypt);
3 $2y$10$uoegxj09qznqskvpfxr61uwjpjbxvdh2kgjqvnodzjnglhs2wtwhu

You will notice that we have not given this hash any options. The options available now are limited to two: cost and salt. Demon Add option you need to create an associative array.

1 $options = [' Cost ' => 10,
2 ' Salt ' => Mcrypt_create_iv (mcrypt_dev_urandom)];

After adding the option to the Password_hash () function, our hash value is changed, which is more secure.

1 $hash = Password_hash ($password, Password_bcrypt, $options);
2 $2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22

Now that the hash is created, we can see that the new hash is worth the information by Password_get_info (). Password_get_info () requires an argument--a hash value--and returns an associative array that contains the algorithm (the integer representation of the hash algorithm used), the algorithm name (the readable name of the hash algorithm used), and the option (we use to create the hash-worthy option).

01 Var_dump (Password_get_info ($hash));
02 /*
03 Array (3) {
04 ["Algo"]=>
05 Int (1)
06 ["AlgoName"]=>
07 String (6) "Bcrypt"
08 ["Options"]=>
09 Array (1) {
10 ["Cost"]=>
11 Int (10)
12 }
13 }
14 */

The first one to be added to the Password hashing API is Password_needs_rehash (), which accepts three parameters, hash, hash algorithm, and options, and the first two are required fields. Password_needs_rehash () is used to check whether a hash value was created using a specific algorithm and option. This is useful when your database is compromised and you need to adjust the hash. By using Password_needs_rehash () to check each hash value, we can see whether the saved hash value matches the new parameter and affects only those values created with the old parameter.

Finally, we've created our hash value, looked at how it was created, looked up whether it needed to be hashed, and now we need to validate it. To validate plain text to its hash value, we must use Password_verify (), which requires two parameters, a password and a hash value, and returns TRUE or FALSE. Let's check the hashed we've got to see if it's right.

1 $authenticate = password_verify (' foo ', ' $2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22 ');
2 TRUE
3 $authenticate = password_verify (' Bar ', ' $2y$10$jdj5jdewjdhsthv6sgviquprrhzngqsuetlk8iem0okh6hpycoo22 ');
4 FALSE

With the above knowledge, you can quickly and securely create a hash password in the new PHP 5.5.0 version.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.