Jelix 1.6.40

password.php

A Compatibility library with PHP 5.5's simplified password hashing API.

Tags
author

Anthony Ferrara ircmaxell@php.net

contributor

Laurent Jouanneau laurent@jelix.org

license

http://www.opensource.org/licenses/mit-license.html MIT License

copyright

2012 The Authors

Table of Contents

PASSWORD_BCRYPT  = 1
PASSWORD_DEFAULT  = PASSWORD_BCRYPT
can_use_password_API()  : mixed
function to check if the password API can be used In some PHP version ( <5.3.7), crypt() with blowfish is vulnerable.
password_hash()  : mixed
Hash the password using the specified algorithm
password_get_info()  : array<string|int, mixed>
Get information about the password hash. Returns an array of the information that was used to generate the password hash.
password_needs_rehash()  : bool
Determine if the password hash needs to be rehashed according to the options provided
password_verify()  : bool
Verify a password against a hash using a timing attack resistant approach

Constants

PASSWORD_BCRYPT

public mixed PASSWORD_BCRYPT = 1

PASSWORD_DEFAULT

public mixed PASSWORD_DEFAULT = PASSWORD_BCRYPT

Functions

can_use_password_API()

function to check if the password API can be used In some PHP version ( <5.3.7), crypt() with blowfish is vulnerable.

can_use_password_API() : mixed

But this issue has been fixed on some older PHP version (php 5.3.3 for most of them) in some distro, like Debian squeeze.

Tags
see
http://www.php.net/security/crypt_blowfish.php
Return values
mixed

password_hash()

Hash the password using the specified algorithm

password_hash(string $password, int $algo[, array<string|int, mixed> $options = array() ]) : mixed
Parameters
$password : string

The password to hash

$algo : int

The algorithm to use (Defined by PASSWORD_* constants)

$options : array<string|int, mixed> = array()

The options for the algorithm to use

Tags
returns

string|false The hashed password, or false on error.

Return values
mixed

password_get_info()

Get information about the password hash. Returns an array of the information that was used to generate the password hash.

password_get_info(string $hash) : array<string|int, mixed>

array( 'algo' => 1, 'algoName' => 'bcrypt', 'options' => array( 'cost' => 10, ), )

Parameters
$hash : string

The password hash to extract info from

Return values
array<string|int, mixed>

The array of information about the hash.

password_needs_rehash()

Determine if the password hash needs to be rehashed according to the options provided

password_needs_rehash(string $hash, int $algo[, array<string|int, mixed> $options = array() ]) : bool

If the answer is true, after validating the password using password_verify, rehash it.

Parameters
$hash : string

The hash to test

$algo : int

The algorithm used for new password hashes

$options : array<string|int, mixed> = array()

The options array passed to password_hash

Return values
bool

True if the password needs to be rehashed.

password_verify()

Verify a password against a hash using a timing attack resistant approach

password_verify(string $password, string $hash) : bool
Parameters
$password : string

The password to verify

$hash : string

The hash to verify against

Return values
bool

If the password matches the hash

Search results