Posted By

StevenW721 on 01/04/12


Tagged

password validation hash


Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

treo
ModServ
wizard04


Password Hash and Validation


 / Published in: PHP
 

Calling generateHash() with a single argument (the plain text password) will cause a random string to be generated and used for the salt. The resulting string consists of the salt followed by the SHA-1 hash - this is to be stored away in your database. When you're checking a user's login, the situation is slightly different in that you already know the salt you'd like to use. The string stored in your database can be passed to generateHash() as the second argument when generating the hash of a user-supplied password for comparison.

  1. function generate_hash ($plain_text, $salt = null) {
  2.  
  3. if ($salt === null) {
  4. $salt = substr(md5(uniqid(rand(), true)), 0, 12);
  5. } else {
  6. $salt = substr($salt, 0, 12);
  7. }
  8.  
  9. return $salt . sha1($salt . $plain_text);
  10.  
  11. }

Report this snippet  

You need to login to post a comment.