David A. Windham
david
/
lychee
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: dw
Branches Tags
lychee
/
php
/
helpers
/
getHashedString.php

getHashedString.php 977 B
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. <?php
    2. 

  2. 

  3. function getHashedString($password) {
    4. 

  4. 

  5. 	// Inspired by http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
    6. 

  6. 

  7. 	// A higher $cost is more secure but consumes more processing power
    8. 

  8. 	$cost = 10;
    9. 

  9. 

  10. 	// Create a random salt
    11. 

  11. 	if (extension_loaded('openssl')) {
    12. 

  12. 

  13. 		$salt = strtr(substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22), '+', '.');
    14. 

  14. 

  15. 	} elseif (extension_loaded('mcrypt')) {
    16. 

  16. 

  17. 		$salt = strtr(substr(base64_encode(mcrypt_create_iv(17, MCRYPT_DEV_URANDOM)),0,22), '+', '.');
    18. 

  18. 

  19. 	} else {
    20. 

  20. 

  21. 		$salt = '';
    22. 

  22. 

  23. 		for ($i = 0; $i < 22; $i++) {
    24. 

  24. 			$salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1);
    25. 

  25. 		}
    26. 

  26. 

  27. 	}
    28. 

  28. 

  29. 	// Prefix information about the hash so PHP knows how to verify it later.
    30. 

  30. 	// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
    31. 

  31. 	$salt = sprintf("$2a$%02d$", $cost) . $salt;
    32. 

  32. 

  33. 	// Hash the password with the salt
    34. 

  34. 	return crypt($password, $salt);
    35. 

  35. 

  36. }
    37. 

  37. 

  38. ?>
    39.