@mikegioia
Created January 6, 2014 21:15
Functions to hash and verify a password in PHP.
<?php
/**
 * Password helpers from the gist. The gist defined these as static
 * methods without a class; the wrapper class name is assumed here so
 * the file parses.
 */
class PasswordHelper
{
    /**
     * Hash the password using bcrypt algorithm. This function takes
     * in a plaintext password, generates a strong and random salt,
     * and returns the crypted password to be stored for the user.
     *
     * @param string $password
     * @param array $options keys: cost, raw_salt_len, required_salt_len
     * @return string | false
     */
    public static function passwordHash( $password, $options = array() )
    {
        // the gist read these through a map() helper that is not
        // defined on the page (option value or default); inlined here
        $cost = isset( $options['cost'] ) ? (int) $options['cost'] : 10;
        $raw_salt_len = isset( $options['raw_salt_len'] ) ? $options['raw_salt_len'] : 16;
        $required_salt_len = isset( $options['required_salt_len'] ) ? $options['required_salt_len'] : 22;
        // generate the salted hash from urandom using our cost. we
        // need to replace plus signs because '+' is not in bcrypt's
        // ./A-Za-z0-9 salt alphabet. single quotes keep the $2a$ prefix
        // literal; PHP >= 5.3.7 also accepts the recommended $2y$ prefix.
        //
        $hash_format = sprintf( '$2a$%02d$', $cost );
        // mcrypt_create_iv() was removed in PHP 7.2; prefer random_bytes()
        // where it exists and fall back to the gist's original call
        $buffer = function_exists( 'random_bytes' )
            ? random_bytes( $raw_salt_len )
            : mcrypt_create_iv( $raw_salt_len, MCRYPT_DEV_URANDOM );
        $salt = str_replace( '+', '.', base64_encode( $buffer ) );
        $salt = substr( $salt, 0, $required_salt_len );
        $hash = $hash_format . $salt;
        // hash the password with the salt string; crypt() returns a
        // short error string such as '*0' when the salt is malformed
        //
        $return = crypt( $password, $hash );
        if ( ! is_string( $return ) || strlen( $return ) <= 13 )
        {
            return FALSE;
        }
        return $return;
    }

    /**
     * Verify a password against a hash using a timing attack resistant
     * approach.
     *
     * @param string $password
     * @param string $hash
     * @return boolean
     */
    public static function passwordVerify( $password, $hash )
    {
        $ret = crypt( $password, $hash );
        $status = 0;
        if ( ! is_string( $ret )
            || strlen( $ret ) != strlen( $hash )
            || strlen( $ret ) <= 13 )
        {
            return FALSE;
        }
        // OR together the XOR of every byte pair so the loop always
        // runs over the full length; any mismatch leaves a non-zero
        // bit in $status (hash_equals() does the same on PHP >= 5.6)
        for ( $i = 0; $i < strlen( $ret ); $i++ )
        {
            $status |= ( ord( $ret[ $i ] ) ^ ord( $hash[ $i ] ) );
        }
        return $status === 0;
    }
}
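The same hash-and-verify flow written against the password_* API that PHP has shipped since 5.5, as an added example that is not part of the gist. The built-in functions choose bcrypt, draw the salt from a CSPRNG and compare in constant time, so the hand-rolled salt and XOR loop above are no longer needed. The function names, the BCRYPT_COST value and the demo password are assumptions.

```php
<?php
// Added example (not from the gist): bcrypt via PHP's built-in password API.

// assumed tuning: raise the cost until one hash takes roughly 100 ms on
// the login server, so brute force stays expensive without hurting users
const BCRYPT_COST = 12;

/**
 * Hash a new password. PASSWORD_BCRYPT always yields a 60-character
 * '$2y$' string with the cost and a random 22-character salt embedded.
 */
function storePassword(string $plaintext): string
{
    $hash = password_hash($plaintext, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

/**
 * Verify a login attempt and, on success, upgrade hashes that were made
 * with a lower cost or a different algorithm. Returns ['ok' => bool,
 * 'hash' => string|null]; a non-null hash should replace the stored one.
 */
function verifyAndUpgrade(string $plaintext, string $storedHash): array
{
    // password_verify() parses cost and salt out of $storedHash and
    // compares the recomputed hash in constant time
    if (!password_verify($plaintext, $storedHash)) {
        return ['ok' => false, 'hash' => null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])
        ? storePassword($plaintext)
        : null;
    return ['ok' => true, 'hash' => $newHash];
}

// demo with a constructed password
$password = 'correct horse battery staple';
$hash = storePassword($password);
var_dump(verifyAndUpgrade($password, $hash));      // ok, no rehash needed
var_dump(verifyAndUpgrade('wrong password', $hash)); // not ok

// a record hashed earlier at cost 10 (the gist's default) is accepted and
// comes back with a fresh cost-12 hash to write back to the database
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(verifyAndUpgrade($password, $legacy));
```

Two caveats a practitioner should keep in mind with either version: bcrypt only consumes the first 72 bytes of the password, so anything beyond that does not affect the hash, and for comparing other secrets (API tokens, HMACs) the built-in hash_equals() gives the same constant-time guarantee as the XOR loop in the gist.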