Last active
August 29, 2015 14:18
-
-
Save snellingio/8906a3d3f4966b34b61b to your computer and use it in GitHub Desktop.
Storing passwords the right way
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Hash a password | |
| * | |
| * @param string $password the password | |
| * @param string $verify the password you want to verify, null just encrypts | |
| * | |
| * @return string the hashed password, the success of verification | |
| */ | |
| public function password_hash($password) | |
| { | |
| $rijndael = new \Crypt_Rijndael(); | |
| $rijndael->setKey(APPLICATION_SECRET); | |
| $password = password_hash( | |
| $password, | |
| PASSWORD_BCRYPT, | |
| array( | |
| 'cost' => 13 | |
| ) | |
| ); | |
| return base64_encode($rijndael->encrypt($password)); | |
| } | |
| /** | |
| * Verify a password | |
| * | |
| * @param string $password the encrypted password | |
| * @param string $verify the password you want to verify | |
| * | |
| * @return boolean the hashed password, the success of verification | |
| */ | |
| public function password_verify($password, $verify) | |
| { | |
| $rijndael = new \Crypt_Rijndael(); | |
| $rijndael->setKey(APPLICATION_SECRET); | |
| $password = $rijndael->decrypt(base64_decode($password)); | |
| return password_verify($verify, $password); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment