Last active
August 29, 2015 14:26
-
-
Save HSPDev/9217449296637206f63a to your computer and use it in GitHub Desktop.
Password rehashing in PHP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $password = 'rasmuslerdorf'; | |
| $hash = '$2y$10$YCFsG6elYca568hBi2pZ0.3LDL5wjgxct1N8w/oLR/jfHsiQwCqTS'; | |
| // The cost parameter can change over time as hardware improves | |
| $options = array('cost' => 11); | |
| // Verify stored hash against plain-text password | |
| if (password_verify($password, $hash)) { | |
| // Check if a newer hashing algorithm is available | |
| // or the cost has changed | |
| if (password_needs_rehash($hash, PASSWORD_DEFAULT, $options)) { | |
| // If so, create a new hash, and replace the old one | |
| $newHash = password_hash($password, PASSWORD_DEFAULT, $options); | |
| //SAVE YOUR NEW HASH IN DATABASE FOR THIS USER IF YOU END UP IN THIS BLOCK. | |
| } | |
| // Log user in | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment