Simple PHP 5.3+ Bcrypt class and functions php bcrypt
<?php | |
/* | |
By Marco Arment <me@marco.org>. | |
This code is released in the public domain. | |
THERE IS ABSOLUTELY NO WARRANTY. | |
Usage example: | |
// In a registration or password-change form: | |
$hash_for_user = Bcrypt::hash($_POST['password']); | |
// In a login form: | |
$is_correct = Bcrypt::check($_POST['password'], $stored_hash_for_user); | |
// In a login form when migrating entries gradually from a legacy SHA-1 hash: | |
$is_correct = Bcrypt::check( | |
$_POST['password'], | |
$stored_hash_for_user, | |
function($password, $hash) { return $hash == sha1($password); } | |
); | |
if ($is_correct && Bcrypt::is_legacy_hash($stored_hash_for_user)) { | |
$user->store_new_hash(Bcrypt::hash($_POST['password'])); | |
} | |
*/ | |
class Bcrypt | |
{ | |
const DEFAULT_WORK_FACTOR = 8; | |
public static function hash($password, $work_factor = 0) | |
{ | |
if (version_compare(PHP_VERSION, '5.3') < 0) throw new Exception('Bcrypt requires PHP 5.3 or above'); | |
if (! function_exists('openssl_random_pseudo_bytes')) { | |
throw new Exception('Bcrypt requires openssl PHP extension'); | |
} | |
if ($work_factor < 4 || $work_factor > 31) $work_factor = self::DEFAULT_WORK_FACTOR; | |
$salt = | |
'$2a$' . str_pad($work_factor, 2, '0', STR_PAD_LEFT) . '$' . | |
substr( | |
strtr(base64_encode(openssl_random_pseudo_bytes(16)), '+', '.'), | |
0, 22 | |
) | |
; | |
return crypt($password, $salt); | |
} | |
public static function check($password, $stored_hash, $legacy_handler = NULL) | |
{ | |
if (version_compare(PHP_VERSION, '5.3') < 0) throw new Exception('Bcrypt requires PHP 5.3 or above'); | |
if (self::is_legacy_hash($stored_hash)) { | |
if ($legacy_handler) return call_user_func($legacy_handler, $password, $stored_hash); | |
else throw new Exception('Unsupported hash format'); | |
} | |
return crypt($password, $stored_hash) == $stored_hash; | |
} | |
public static function is_legacy_hash($hash) { return substr($hash, 0, 4) != '$2a$'; } | |
} | |
// ============================================================================= | |
// Or, if you don't want the class structure and just want standalone functions: | |
// ============================================================================= | |
function bcrypt_hash($password, $work_factor = 8) | |
{ | |
if (version_compare(PHP_VERSION, '5.3') < 0) throw new Exception('Bcrypt requires PHP 5.3 or above'); | |
if (! function_exists('openssl_random_pseudo_bytes')) { | |
throw new Exception('Bcrypt requires openssl PHP extension'); | |
} | |
if ($work_factor < 4 || $work_factor > 31) $work_factor = 8; | |
$salt = | |
'$2a$' . str_pad($work_factor, 2, '0', STR_PAD_LEFT) . '$' . | |
substr( | |
strtr(base64_encode(openssl_random_pseudo_bytes(16)), '+', '.'), | |
0, 22 | |
) | |
; | |
return crypt($password, $salt); | |
} | |
function bcrypt_check($password, $stored_hash, $legacy_handler = NULL) | |
{ | |
if (version_compare(PHP_VERSION, '5.3') < 0) throw new Exception('Bcrypt requires PHP 5.3 or above'); | |
if (bcrypt_is_legacy_hash($stored_hash)) { | |
if ($legacy_handler) return call_user_func($legacy_handler, $password, $stored_hash); | |
else throw new Exception('Unsupported hash format'); | |
} | |
return crypt($password, $stored_hash) == $stored_hash; | |
} | |
function bcrypt_is_legacy_hash($hash) { return substr($hash, 0, 4) != '$2a$'; } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment