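<?php
/* User creates new account */
/* Save hashed password and salt to db */

// Username and password from $_POST
$username = 'username';
$password = 'password';

// bcrypt (Blowfish-based) with a cost of 10; $2y$ is the prefix PHP recommends over $2a$
$algo = '$2y$10$';

// Generate a 22-character salt in bcrypt's ./A-Za-z0-9 alphabet from a CSPRNG.
// uniqid() is derived from the current time and is predictable, so it is not used for the salt.
$salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);

// Hash the password using bcrypt and our salt
$hash = crypt($password, $algo . $salt);

// TODO: Save hash and salt to db
// (the crypt() output already embeds the prefix, cost and salt, so storing $hash alone is enough)

/* User attempts to login */
/* Hash user input with salt in db and compare to hash in db */

// TODO: Get salt and hash from db
$new_hash = crypt($password, $algo . $salt);

// Demo output only; values are HTML-escaped because the password is user input
echo 'Password: ' . htmlspecialchars($password) . '<br />';
echo 'Salt: ' . htmlspecialchars($salt) . '<br />';
echo 'Hash: ' . htmlspecialchars($hash) . '<br />';
echo 'New hash: ' . htmlspecialchars($new_hash) . '<br />';

// True if the hash in db matches the new hash generated from user input.
// hash_equals() compares in constant time and avoids the type juggling of ==.
if (hash_equals($hash, $new_hash)) {
    echo 'True!';
}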
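
The same register/login flow written with PHP's built-in `password_hash()` / `password_verify()`, including an upgrade of older cost-10 `crypt()` hashes on successful login. This is an added example, not part of the original gist; `register_user()`, `verify_login()`, the in-memory `$db` array and the target cost of 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory "users table" (username => hash) standing in for a real database.
$db = [];

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed target cost; tune to your hardware

/** Create an account: password_hash() draws the salt from a CSPRNG and embeds it in the hash. */
function register_user(array &$db, string $username, string $password): void
{
    // bcrypt only reads the first 72 bytes; reject longer input instead of silently truncating it.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('Password longer than 72 bytes');
    }
    $db[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

/** Verify a login and upgrade hashes that were stored with weaker parameters. */
function verify_login(array &$db, string $username, string $password): bool
{
    // For unknown users, still verify against a dummy hash so timing does not reveal valid usernames.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $stored = $db[$username] ?? null;
    if ($stored === null) {
        password_verify($password, $dummy);
        return false;
    }
    // password_verify() re-hashes with the parameters embedded in $stored and compares in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to move to the current cost.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $db[$username] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return true;
}

// Constructed sample data: a legacy cost-10 bcrypt hash created directly with crypt().
$legacy_salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$db['legacy'] = crypt('password', '$2y$10$' . $legacy_salt);
register_user($db, 'alice', 'correct horse battery staple');

var_dump(verify_login($db, 'alice', 'correct horse battery staple')); // correct password
var_dump(verify_login($db, 'alice', 'wrong'));                        // wrong password
var_dump(verify_login($db, 'legacy', 'password'));                    // legacy hash still verifies
var_dump(str_starts_with($db['legacy'], '$2y$12$'));                  // and was re-hashed at cost 12
```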