public
Last active

  • Download Gist
password_hash.php
PHP
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
<?php
/* User creates new account */
/* Save hashed password and salt to db */
//Username and password from $_POST
$username = 'username';
$password = 'password';
//Blowfish algorithm with a cost of 10
$algo = '$2a$10$';
//Generate a salt with no prefix and a high entropy of 23 chars
$salt = uniqid('', true);
//Hash the password using Blowfish and our salt
$hash = crypt($password, $algo . $salt);
//TODO: Save hash and salt to db
/* User attempts to login */
/* Hash user input with salt in db and compare to hash in db */
//TODO: Get salt and hash from db
$new_hash = crypt($password, $algo . $salt);
echo "Password: ${password}<br />";
echo "Salt: ${salt}<br />";
echo "Hash: ${hash}<br />";
echo "New hash: ${new_hash}<br />";
//True if hash in db match the new hash generated from user input
if ($hash == $new_hash)
echo 'True!';
?>

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.