Home >Backend Development >PHP Tutorial >Detailed explanation of hash creation and verification methods in PHP5_PHP Tutorial

Detailed explanation of hash creation and verification methods in PHP5_PHP Tutorial

WBOY
WBOYOriginal
2016-07-13 10:47:491050browse

If you use the php5.5 version, our hash creation and verification methods are much simpler. PHP 5.5 provides us with 4 functions: password_get_info(), password_hash(), password_needs_rehash(), and password_verify() , with these four we can quickly implement hash creation and verification.

First discuss the password_hash() function. This will be used as the hash value to create a new password. It contains three parameters: password, hash algorithm, options. The first two items are required. You can use this function according to the following example:

The code is as follows Copy code
 代码如下 复制代码

$password = 'foo';
$hash = password_hash($password,PASSWORD_BCRYPT);
//y$uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu

$password = 'foo';
$hash = password_hash($password,PASSWORD_BCRYPT);
//$2y$10$uOegXJ09qznQsKvPfxr61uWjpJBxVDH2KGJQVnodzjnglhs2WTwHu

You will notice that we did not add any options to this hash. The available options are now limited to two: cost and salt. To add options you need to create an associative array.
 代码如下 复制代码
$options = [ 'cost' => 10,
             'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM) ];

After adding the option to the password_hash() function, our hash value changes and is more secure.
 代码如下 复制代码
$hash = password_hash($password,PASSWORD_BCRYPT,$options);
//y$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22

Now that the hash is created, we can view information about the new hash value through password_get_info(). password_get_info() takes one argument - the hash value - and returns a parameter containing the algorithm (an integer representation of the hashing algorithm used), the algorithm name (the human-readable name of the hashing algorithm used), and the options we used to create the hash associative array of value options).
 代码如下 复制代码
var_dump(password_get_info($hash));
/*
array(3) {
  ["algo"]=>
  int(1)
  ["algoName"]=>
  string(6) "bcrypt"
  ["options"]=>
  array(1) {
    ["cost"]=>
    int(10)
  }
}

*/The first one added to the Password Hashing API is password_needs_rehash(), which accepts three parameters, hash, hash algorithm and options. The first two are required. password_needs_rehash() is used to check whether a hash value was created using a specific algorithm and options. This is useful if your database is damaged and you need to adjust the hash. By checking each hash value with password_needs_rehash(), we can see whether the existing hash value matches the new parameter, affecting only those values ​​created with the old parameter.

Finally, we have created our hash, looked up how it was created, checked whether it needs to be re-hashed, now we need to verify it. To verify plain text to its hash value, we must use password_verify(), which takes two parameters, password and hash value, and will return TRUE or FALSE. Let's check the hashed we got to see if it's correct.

Example
The code is as follows
 代码如下 复制代码

$authenticate = password_verify('foo','y$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22');
//TRUE
$authenticate = password_verify('bar','y$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22');
//FALSE

Copy code

$authenticate = password_verify('foo','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22');
//TRUE
$authenticate = password_verify('bar','$2y$10$JDJ5JDEwJDhsTHV6SGVIQuprRHZnGQsUEtlk8Iem0okH6HPyCoo22');
//FALSE

 代码如下 复制代码

// See the password_hash() example to see where this came from.
$hash = 'y$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
以上例程会输出:

Password is valid!

Example #1 password_verify() example
The code is as follows

Copy code
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'; if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
The above routine will output: Password is valid! With the above knowledge, you can quickly and securely create hash passwords in the new PHP 5.5.0 version.
http://www.bkjia.com/PHPjc/632836.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/632836.htmlTechArticleIf you use the php5.5 version, our hash creation and verification methods are much simpler. PHP 5.5 is We provide 4 functions: password_get_info(), password_hash(), password_needs...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn