Outils pour utilisateurs

Outils du site


php:password_hash

Petit test avec password_hash() et password_verify() (PHP 5.5+)

index.php
<?php
$hash = false;
if (file_exists('hash.php')) {
	$hash = str_replace('<?php die; ?>', '', file_get_contents('hash.php')); 
	if (!empty($_POST)) {
		if(isset($_POST['login']) && isset($_POST['password'])) {
			if (password_verify($_POST['login'].$_POST['password'], $hash)) {
			echo '++ valid credentials !! \o/ ++';
			} else {
			 echo '--- invalid credentials ---';
			}
		}
	}
}
 
else {
	if (!empty($_POST)) {
		if(isset($_POST['login']) && isset($_POST['password'])) {
			$options = ['cost' => 12];
			$hash = password_hash($_POST['login'].$_POST['password'], PASSWORD_DEFAULT, $options);
			file_put_contents('hash.php', '<?php die; ?>'.$hash);
			echo 'hash stored: '.$hash;
		}
	}
	else echo "no hash: a new one will be stored";
}
 
?>
 
<!doctype html>
<html>
<head><meta charset="UTF-8" /></head>
<body>
<form method=post action=".">
<input placeholder="Login" type="text" tabindex="1" name="login" value="">
<input placeholder="Password" type="password" tabindex="2" name="password">
<input type="submit" tabindex="3">
</form>
</body>
</html>
php/password_hash.txt · Dernière modification: 2014/01/20 17:43 par mitsu