PHP 5.5 The easiest way to create and verify hashes_PHP Tutorial

PHP 5.5.0 was released yesterday and brings a comprehensive list of new features and functions. One of the new APIs is the Password Hashing API. It contains 4 functions: password_get_info(), password_hash(), password_needs_rehash(), and password_verify(). Let’s understand each function step by step. ​ We first discuss the password_hash() function. This will be used as the hash value to create a new password. It contains three parameters: password, hash algorithm, options. The first two items are required. You can use this function according to the following example: ​ 1 $password = 'foo'; 2 $hash = password_hash($password,PASSWORD_BCRYPT); 3 //$2y$10$uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu
​ You'll notice that we didn't add any options to this hash. The available options are now limited to two: cost and salt. To add options you need to create an associative array. ​ 1 $options = [ 'cost' => 10, 2 'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM) ];
​ After adding the option to the password_hash() function, our hash value changes and is more secure. ​ 1 $hash = password_hash($password,PASSWORD_BCRYPT,$options); 2 //$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22
​ Now that the hash is created, we can view information about the new hash value through password_get_info(). password_get_info() takes one argument - the hash value - and returns a parameter containing the algorithm (an integer representation of the hashing algorithm used), the algorithm name (the human-readable name of the hashing algorithm used), and the options we used to create the hash associative array of value options). ​ 01 var_dump(password_get_info($hash)); 02 /* 03 array(3) { 04 ["algo"]=> 05 int(1) 06 ["algoName"]=> 07 string(6) "bcrypt" 08 ["options"]=> 09 array(1) { 10 ["cost"]=> 11 int(10) 12 } 13} 14 */
​ The first thing to be added to the Password Hashing API is password_needs_rehash(), which accepts three parameters, hash, hash algorithm and options. The first two are required. password_needs_rehash() is used to check whether a hash value was created using a specific algorithm and options. This is useful if your database is damaged and you need to adjust the hash. By checking each hash value with password_needs_rehash(), we can see whether the existing hash value matches the new parameter, affecting only those values ​​created with the old parameter. ​ Finally, we have created our hash, looked up how it was created, checked to see if it needs to be re-hashed, now we need to verify it. To verify plain text to its hash value, we must use password_verify(), which takes two parameters, password and hash value, and will return TRUE or FALSE. Let's check the hashed we got to see if it's correct. ​ 1 $authenticate = password_verify('foo','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22'); 2 //TRUE 3 $authenticate = password_verify('bar','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22'); 4 //FALSE
​ With the above knowledge, you can quickly and securely create hashed passwords in the new PHP 5.5.0 version.

http://www.bkjia.com/PHPjc/735059.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/735059.htmlTechArticlePHP 5.5.0 was released yesterday and brings a complete list of new features and functions. One of the new APIs is the Password Hashing API. It contains 4 functions: password_get_info(), password...