HASH Library ¶
About ¶
Main purpose of the Library is encapsulate hashing mechanisms and give to them a convenient and simple interface of access:
// give default strategy (task: HASH::COMMON, strategy: HASH::MD5)
$crypt = HASH::getInstance();
// give default strategy for password hashing (strategy: HASH::SHA1_MD5)
$crypt = HASH::getInstance(HASH::PASSWORD);
// give selected strategy for password hashing
$crypt = HASH::getInstance(HASH::PASSWORD, array(
'strategy' => HASH::MD5_SALT_SHA1, // some strategies require salt, by default $salt = substr(md5(__CLASS__), 0, 22)
'salt' => $this->config->item('salt'), // salt, for example, can be stored globally in the site settings
));
Information ¶
- Official page
- You can read a useful article about using crypt() function for password storage (in particular about advantages of the Blowfish algorithm on Yii framework wiki pages
- Discussion in forum
Requirements ¶
- PHP grater or equals than 5.3.0
Preparation ¶
Classes are connected via a relative path. And therefore you must add parent folder of the Library into include path:
set_include_path(get_include_path() . PATH_SEPARATOR . 'path/to/folder/which/contains/HASH');
Work with library ¶
Hashing and comparing:
$crypt = HASH::getInstance(HASH::PASSWORD);
$hash = $crypt->make($string);
if ($crypt->compare($input, $stored)) {
echo 'Match';
} else {
echo 'Do not match';
}
New feature in version 1.3:
if ($crypt->isHashed($password)) {
echo 'Is hashed';
} else {
echo 'Is not hashed';
}
Adapters ¶
Yii ¶
Yii_Hash designed for handy integration the Library with Yii framework.
Setup configuration of the Library:
Yii::setPathOfAlias('HASH', 'path/to/HASH'); // set namespace
return array(
...,
'components' => array(
...,
'hash' => array(
'class' => 'HASH\adapters\Yii_Hash',
'strategies' => array(
'pass' => array(
'strategy' => 17, // or HASH\HASH::BLOWFISH_RANDOM_SALT,
'cost' => 12,
),
),
),
),
);
After that you can use it as usual component Yii:
$hash = Yii::app()->hash->pass->make($input);
if (Yii::app()->hash->pass->compare($input, $stored)) {
echo 'Match';
} else {
echo 'Do not match';
}
Use new method iHash::isHashed() in ActiveRecord:
class User extends CActiveRecord
{
protected function beforeSave()
{
if (parent::beforeSave()) {
/**
* @var iHash $crypt
*/
$crypt = Yii::app()->hash->pass;
if ( ! $crypt->isHashed($this->password)) {
$this->password = $crypt->make($this->password);
}
return true;
}
return false;
}
}
CodeIgniter ¶
CI_Hash designed for handy integration the Library with CodeIgniter framework.
You can define configuration of the Library in hash.php file in config folder of CodeIgniter:
$config = array(
'pass' => array(
'strategy' => HASH::SHA1_MD5_SALT,
'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
),
'email' => array(
'strategy' => HASH::MD5_SALT,
'salt' => 'GswJNrMQAA_Q',
),
);
Or you can put config into loader:
$config = array(
'pass' => array(
'strategy' => HASH::SHA1_MD5_SALT,
'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
),
'email' => array(
'strategy' => HASH::MD5_SALT,
'salt' => 'GswJNrMQAA_Q',
),
);
$this->load->library('hash', $config);
After that you can use it as usual library for CodeIgniter:
$hash = $this->hash->pass->make($input);
if ($this->hash->pass->compare($input, $stored)) {
echo 'Match';
} else {
echo 'Do not match';
}
Silex ¶
SLX_Hash designed for handy integration the Library with Silex framework.
Access to the Library implemented via ServiceProvider:
use HASH\adapters\SLX_Hash as Hash;
$app->register(new Hash(), array(
'hash.task' => HASH::SHA1_MD5_SALT,
'hash.config' => array(
'strategy' => HASH::SHA1_MD5_SALT,
'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
),
));
After that you can use it as usual service provider for Silex:
$pass = 'hash_of_super_secret_pass';
$app->post('login', function (Application $app, Request $request) use ($pass) {
$crypt = $app['hash'];
if ($crypt->compare($request->get('pass'), $pass)) {
echo 'Match';
} else {
echo 'Do not match';
}
})
Unit tests ¶
All tests located at tests folder. You can run it as follows:
% phpunit StrategiesUnitTest
% phpunit ComponentUnitTest
License ¶
Copyright (c) HASH Library from OctoLab
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Mixed Hashes
Hi kamilsk,
I have a problem, I have implemented HASH, as per your instructions, and it all work except for on comparing the password when logging on the hashes do not compare.
I am using only the yii_hash adapter, which is configured in main exactly as instructed, and implemented in this way:
public function authenticate() { $hash = Yii::app()->hash->pass->make($this->password); $record = UserTable::model()->findByAttributes(array('user_name'=>$this->username)); if($record===null) $this->errorCode=self::ERROR_USERNAME_INVALID; if (Yii::app()->hash->pass->compare($hash, $record->password)) { echo 'Match'; } else { $this->errorCode=self::ERROR_PASSWORD_INVALID; } return !$this->errorCode; }I have set default timezone etc, but have not yet had a successful compare.
the save function is implemented as per instructions :
protected function beforeSave() { if (parent::beforeSave()) { /** * @var iHash $crypt */ $crypt = Yii::app()->hash->pass; if ( ! $crypt->isHashed($this->password)) { $this->password = $crypt->make($this->password); } return true; } return false; }Can you shed any light on this please ?
Feedback
Hi, dodgerid! Thanks for using our library and thanks for feedback!:)
"I have a problem, I have implemented HASH, as per your instructions, and it all work except for on comparing the password when logging on the hashes do not compare."
$hash = Yii::app()->hash->pass->make($this->password); if (Yii::app()->hash->pass->compare($hash, $record->password)) { echo 'Match'; } else { ... }You have a small error in the code here. Proper usage:
if (Yii::app()->hash->pass->compare($this->password, $record->password)) { echo 'Match'; } else { ... }And other type error:
if($record===null) $this->errorCode=self::ERROR_USERNAME_INVALID; if (Yii::app()->hash->pass->compare($hash, $record->password)) { // <-- here $record can be null ...Must be:
if ($record===null) { $this->errorCode = self::ERROR_USERNAME_INVALID; } elseif (Yii::app()->hash->pass->compare($this->password, $record->password)) { ... } else { ... }PS: we are working on a new release, and soon it will be available:)
// less strategies and more flexibility $hash = HASH::getInstance()->md5()->salt($salt)->sha1()->make($password); $state = HASH::getInstance()->md5()->salt($salt)->sha1()->getState(); $hash = $state->make($password); if ($state->compare($input, $stored)) { // match }Many Thanks
Many Thanks kamilsk,
Indeed you are correct and it now works correctly.
Many Thanks
HASH 2.0 alpha is ready now
We ready to update our library for supporting Yii 2.0 (and maybe Yii 1.1.x if you need it) and really waiting for feedback!:)
Official repo
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.