hashing passwords php code example
Example 1: php hash password
$time = 0.1;
$cost = 10;
do
{
$cost++;
$start = microtime(true);
password_hash('test', PASSWORD_BCRYPT, ['cost' => $cost]);
$end = microtime(true);
}
while (($end - $start) < $time);
echo 'Cost found: ' . $cost;
Example 2: php hash password
include 'pdo.php';
$options = ['cost' => 12];
$login = FALSE;
$username = $_POST['username'];
$password = $_POST['password'];
$query = 'SELECT * FROM accounts WHERE (account_name = :name)';
$values = [':name' => $username];
try
{
$res = $pdo->prepare($query);
$res->execute($values);
}
catch (PDOException $e)
{
echo 'Query error.';
die();
}
$row = $res->fetch(PDO::FETCH_ASSOC);
if (is_array($row))
{
if (password_verify($password, $row['account_passwd']))
{
$login = TRUE;
}
else
{
if (md5($password) == $row['account_passwd'])
{
$login = TRUE;
$hash = password_hash($password, PASSWORD_DEFAULT, $options);
$query = 'UPDATE accounts SET account_passwd = :passwd WHERE account_id = :id';
$values = [':passwd' => $hash, ':id' => $row['account_id']];
try
{
$res = $pdo->prepare($query);
$res->execute($values);
}
catch (PDOException $e)
{
echo 'Query error.';
die();
}
}
}
}