Posted By

feeela on 08/01/12


Tagged

password hash


Versions (?)

Who likes this?

2 people have marked this snippet as a favorite

niittymaa
tux-world


passwordHash() – generate salted passwords


 / Published in: PHP
 

Simple password hashing function without recursion using a salt, that is stored together with the password.

  1. /**
  2.  * Generate salted password, using new salt or exiting one from the password itself.
  3.  *
  4.  * @param string $plainTextPassword
  5.  * @param string $salt default = NULL (create new salt)
  6.  * @param int $saltLength default = 9 (the salt is the first X chars of the password hash)
  7.  * @return string password-hash
  8.  */
  9. function passwordHash( $plainTextPassword, $salt = null, $saltLength = 9 )
  10. {
  11. if( is_null( $salt ) )
  12. {
  13. // create new salt
  14. $salt = substr( sha1( uniqid( mt_rand(), true) ), 0, $saltLength );
  15. }
  16. else
  17. {
  18. $salt = substr( $salt, 0, $saltLength );
  19. }
  20. return $salt . hash( 'sha256', $salt . $plainTextPassword );
  21. }
  22.  
  23.  
  24. /* create new password */
  25. $newPassword = passwordHash( 'plaintext_password_from_user_input', null );
  26.  
  27.  
  28. /* check given plaintext password against hashed one from database */
  29. // query the password hash from the database; $row is a single result row
  30. if( $row['password'] == passwordHash( 'plaintext_password_from_user_input', $row['password'] ) )
  31. {
  32. /* the users password was correct, login successful */
  33. }

Report this snippet  

You need to login to post a comment.