Last active
December 15, 2015 07:59
-
-
Save gabbsmo/5227002 to your computer and use it in GitHub Desktop.
Hashing passwords according to http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* User creates new account */ | |
| /* Save hashed password and salt to db */ | |
| //Username and password from $_POST | |
| $username = 'username'; | |
| $password = 'password'; | |
| //Blowfish algorithm with a cost of 10 | |
| $algo = '$2a$10$'; | |
| //Generate a salt with no prefix and a high entropy of 23 chars | |
| $salt = uniqid('', true); | |
| //Hash the password using Blowfish and our salt | |
| $hash = crypt($password, $algo . $salt); | |
| //TODO: Save hash and salt to db | |
| /* User attempts to login */ | |
| /* Hash user input with salt in db and compare to hash in db */ | |
| //TODO: Get salt and hash from db | |
| $new_hash = crypt($password, $algo . $salt); | |
| echo "Password: ${password}<br />"; | |
| echo "Salt: ${salt}<br />"; | |
| echo "Hash: ${hash}<br />"; | |
| echo "New hash: ${new_hash}<br />"; | |
| //True if hash in db match the new hash generated from user input | |
| if ($hash == $new_hash) | |
| echo 'True!'; | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment