Home >Backend Development >PHP Tutorial >PHP 5.5 The easiest way to create and verify hashes_PHP Tutorial

PHP 5.5 The easiest way to create and verify hashes_PHP Tutorial

WBOY
WBOYOriginal
2016-07-13 10:38:50884browse

PHP 5.5.0 was released yesterday and brings a comprehensive list of new features and functions. One of the new APIs is the Password Hashing API. It contains 4 functions: password_get_info(), password_hash(), password_needs_rehash(), and password_verify(). Let’s understand each function step by step. ​ We first discuss the password_hash() function. This will be used as the hash value to create a new password. It contains three parameters: password, hash algorithm, options. The first two items are required. You can use this function according to the following example: ​ 1 $password = 'foo'; 2 $hash = password_hash($password,PASSWORD_BCRYPT); 3 //$2y$10$uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu
​ You'll notice that we didn't add any options to this hash. The available options are now limited to two: cost and salt. To add options you need to create an associative array. ​ 1 $options = [ 'cost' => 10, 2 'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM) ];
​ After adding the option to the password_hash() function, our hash value changes and is more secure. ​ 1 $hash = password_hash($password,PASSWORD_BCRYPT,$options); 2 //$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22
​ Now that the hash is created, we can view information about the new hash value through password_get_info(). password_get_info() takes one argument - the hash value - and returns a parameter containing the algorithm (an integer representation of the hashing algorithm used), the algorithm name (the human-readable name of the hashing algorithm used), and the options we used to create the hash associative array of value options). ​ 01 var_dump(password_get_info($hash)); 02 /* 03 array(3) { 04 ["algo"]=> 05 int(1) 06 ["algoName"]=> 07 string(6) "bcrypt" 08 ["options"]=> 09 array(1) { 10 ["cost"]=> 11 int(10) 12 } 13} 14 */
​ The first thing to be added to the Password Hashing API is password_needs_rehash(), which accepts three parameters, hash, hash algorithm and options. The first two are required. password_needs_rehash() is used to check whether a hash value was created using a specific algorithm and options. This is useful if your database is damaged and you need to adjust the hash. By checking each hash value with password_needs_rehash(), we can see whether the existing hash value matches the new parameter, affecting only those values ​​created with the old parameter. ​ Finally, we have created our hash, looked up how it was created, checked to see if it needs to be re-hashed, now we need to verify it. To verify plain text to its hash value, we must use password_verify(), which takes two parameters, password and hash value, and will return TRUE or FALSE. Let's check the hashed we got to see if it's correct. ​ 1 $authenticate = password_verify('foo','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22'); 2 //TRUE 3 $authenticate = password_verify('bar','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22'); 4 //FALSE
​ With the above knowledge, you can quickly and securely create hashed passwords in the new PHP 5.5.0 version.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/735059.htmlTechArticlePHP 5.5.0 was released yesterday and brings a complete list of new features and functions. One of the new APIs is the Password Hashing API. It contains 4 functions: password_get_info(), password...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn