gabbsmo · December 15, 2015 07:59
diff --git a/password_hash.php b/password_hash.php
 <?php
 	/* User creates new account */
 	/* Save hashed password and salt to db */
 	//Username and password from $_POST
 	$username = 'username';
 	$password = 'password';
 	
 	//Blowfish algorithm with a cost of 10
 	$algo = '$2a$10$';
 	//Generate a salt with no prefix and a high entropy of 23 chars
 	$salt = uniqid('', true);
 	
 	//Hash the password using Blowfish and our salt
 	$hash = crypt($password, $algo . $salt);
 	//TODO: Save hash and salt to db
 	
 	
 	/* User attempts to login */
 	/* Hash user input with salt in db and compare to hash in db */
 	//TODO: Get salt and hash from db
 	$new_hash = crypt($password, $algo . $salt);
 	
 	echo "Password: ${password}<br />";
 	echo "Salt: ${salt}<br />";
 	echo "Hash: ${hash}<br />";
 	echo "New hash: ${new_hash}<br />";
 	
 	//True if hash in db match the new hash generated from user input
 	if ($hash == $new_hash)
 		echo 'True!';
 ?>
	<?php
	/* User creates new account */
	/* Save hashed password and salt to db */
	//Username and password from $_POST
	$username = 'username';
	$password = 'password';

	//Blowfish algorithm with a cost of 10
	$algo = '$2a$10$';
	//Generate a salt with no prefix and a high entropy of 23 chars
	$salt = uniqid('', true);

	//Hash the password using Blowfish and our salt
	$hash = crypt($password, $algo . $salt);
	//TODO: Save hash and salt to db


	/* User attempts to login */
	/* Hash user input with salt in db and compare to hash in db */
	//TODO: Get salt and hash from db
	$new_hash = crypt($password, $algo . $salt);

	echo "Password: ${password}<br />";
	echo "Salt: ${salt}<br />";
	echo "Hash: ${hash}<br />";
	echo "New hash: ${new_hash}<br />";

	//True if hash in db match the new hash generated from user input
	if ($hash == $new_hash)
	echo 'True!';
	?>