David A. Windham
david
/
lychee
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 145c3f5147
Branches Tags
lychee
/
php
/
helpers
/
getHashedString.php

getHashedString.php 964 B
History Raw

12345678910111213141516171819202122232425262728293031 
  1. <?php
    2. 

  2. 

  3. function getHashedString($password) {
    4. 

  4. 

  5. 	# Inspired by http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
    6. 

  6. 

  7. 	# A higher $cost is more secure but consumes more processing power
    8. 

  8. 	$cost = 10;
    9. 

  9. 

  10. 	# Create a random salt
    11. 

  11. 	if (extension_loaded('openssl')) {
    12. 

  12. 		$salt = strtr(substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22), '+', '.');
    13. 

  13. 	} elseif (extension_loaded('mcrypt')) {
    14. 

  14. 		$salt = strtr(substr(base64_encode(mcrypt_create_iv(17, MCRYPT_DEV_URANDOM)),0,22), '+', '.');
    15. 

  15. 	} else {
    16. 

  16. 		$salt = "";
    17. 

  17. 		for ($i = 0; $i < 22; $i++) {
    18. 

  18. 			$salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1);
    19. 

  19. 		}
    20. 

  20. 	}
    21. 

  21. 

  22. 	# Prefix information about the hash so PHP knows how to verify it later.
    23. 

  23. 	# "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
    24. 

  24. 	$salt = sprintf("$2a$%02d$", $cost) . $salt;
    25. 

  25. 

  26. 	# Hash the password with the salt
    27. 

  27. 	return crypt($password, $salt);
    28. 

  28. 

  29. }
    30. 

  30. 

  31. ?>
    32.