Revision #15 has been created by fsb on Nov 15, 2014, 6:00:22 PM with the memo:
missing base64_encode()
Changes
Title
unchanged
Use crypt() for password storage
Category
unchanged
Tutorials
Yii version
unchanged
Tags
unchanged
Authentication, security, password, hash, hashing
Content
changed
[...]
From a user account generation form, assume that we have (already sanitized) user input in
`$form->email` and `$form->password`. We generate the hash:
$salt = openssl_random_pseudo_bytes(22);
$salt = '$2a$%13$' . strtr(base64_encode($salt
), array('_' => '.', '~' => '/'));
$password_hash = crypt($form->password, $salt);
And insert a row into `user` containing `$form->email` and `$password_hash`.
At user logon assume we again have sanitized user input in `$form->email` and `$form->password`.[...]
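Review bot: The `strtr()` map on the changed line no longer matches its input now that `$salt` goes through `base64_encode()`. Standard base64 output never contains `_` or `~`, so `array('_' => '.', '~' => '/')` is a no-op, while `+` can appear in the first 22 characters and is outside the `./0-9A-Za-z` alphabet that crypt() accepts for a Blowfish salt. Map `'+' => '.'` instead and drop the two dead entries. The prefix `'$2a$%13$'` also carries a `%` that nothing in the visible lines formats away; crypt() expects the cost as two digits directly after `$2a$`, as in `$2a$13$`. Since a malformed salt makes crypt() return a failure string rather than a hash, the result should be checked before it is inserted into `user`.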