<?php
 
 
/**
 
 * This hashing function generates message digests that are salted with a random
 * salt, so no two hashes of the same input data should produce the same
 * result. The salt is scrambled directly into the output string using a fairly
 * secure scrambling algorithm that makes it virtually impossible for any
 * attacker to uncover it (the salt characters appear in random order at random
 * positions with almost-uniform distribution, and are therefore
 * indistinguishable from the hash characters).
 
 *
 
 * This hashing function can also verify whether a string is a digest of some
 * input message and can use various hashing algorithms (those supplied by PHP's
 * hash_algos(); if you specify an unknown algorithm, the function defaults to
 * SHA1). You can also provide a key for the HMAC variant of the message digest
 * (the HMAC variant is in fact always used; if you don't specify a key, an
 * empty string is used instead).
 
 *
 
 * A possible use for this function is generating password hashes; they will
 * already be salted, which is always good, but you don't have to store the salt
 * anywhere in your database, which improves security and simplifies your code.
 * You can also check very easily whether a user-supplied password on login
 * matches the stored hash.
 
 */
 
 
require_once 'ktHash.php';
 
 
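// Demo script: produce two salted digests of the same password with
// ktHash::hash(), verify them against the stored digests, and print everything.

// Key handed to ktHash::hash() as its second argument (the HMAC key, per the
// file header).
// NOTE(review): a literal in source is acceptable for a demo only; a deployed
// application should load this value from configuration kept outside the
// repository and the web root.
define('APPLICATION_SECRET', "This is an application-wide shared secret key.");

$password = "password";

// Two independent digests of the same input. With no reference digest passed,
// each call is expected to use a fresh random salt, so the two values differ.
$hash_1 = ktHash::hash($password, APPLICATION_SECRET);
$hash_2 = ktHash::hash($password, APPLICATION_SECRET);

// Verification: the stored digest is passed as the third argument and the
// recomputed digest is compared with it. hash_equals() (PHP >= 5.6) replaces
// === so that the comparison time does not depend on how many leading
// characters match. The (string) casts keep hash_equals() from raising a
// TypeError should ktHash::hash() ever return a non-string value.
$verified_YES_1 = hash_equals(
    (string) $hash_1,
    (string) ktHash::hash($password, APPLICATION_SECRET, $hash_1)
) ? "YES" : "NO";    // check password hash

$verified_YES_2 = hash_equals(
    (string) $hash_2,
    (string) ktHash::hash($password, APPLICATION_SECRET, $hash_2)
) ? "YES" : "NO";    // works on this one too

$verified_NO = hash_equals(
    (string) $hash_1,
    (string) ktHash::hash("wrong_password", APPLICATION_SECRET, $hash_1)
) ? "YES" : "NO";    // but this check fails

// Fourth argument selects the digest algorithm; null means "no reference
// digest", i.e. generate a new salted digest.
$hash_whirlpool = ktHash::hash($password, APPLICATION_SECRET, null, "whirlpool");

// NOTE(review): a single HMAC pass over a general-purpose digest (SHA1 by
// default, whirlpool above) is cheap to compute, and a salt does not need to
// be hidden to do its job. For real password storage, PHP's password_hash()
// and password_verify() are the purpose-built functions: they apply a
// deliberately slow algorithm and manage the salt themselves.

// Print each value on its own HTML line, in the same order as the results
// listed at the end of this file.
$lines = array(
    $hash_1,
    $hash_2,
    $verified_YES_1,
    $verified_YES_2,
    $verified_NO,
    $hash_whirlpool,
);

foreach ($lines as $line) {
    echo $line . "<br />";
}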
 
 
/**
 
 * Result:
 
 *
 
 * 3a2d2532b06d7a94f37b15c1cbf50b89f4e78fc7
 
 * e810428e1d66af5243a9ef62ac6cc095ac2f5622
 
 * YES
 
 * YES
 
 * NO
 
 * dd610019e7a794276df956f6a2b168c26ffb71ca967ca9e70476331e21dc109fa822af50085e8af71ef4a3fb37d42aacee55f23461db83101e5d54840a85beba
 
 */
 