Password hashing class (phpass) converted to CodeIgniter library
The password hashing class phpass was suggested in /r/php/, so I decided to use it in one of my CodeIgniter applications. I changed how the constructor works a bit so that it can be loaded like any other CodeIgniter library, and modified its methods so that they can be called statically.
If you want to give it a try – download it and copy Hash.php to your /application/libraries directory.
In your controller, load the library:
    $this->load->library('hash');
Now you can use static methods anywhere in your application – your auth library, users controller, etc.
For example, to hash a password you can do this:
    $hash = Hash::HashPassword($this->input->post('password'));
To verify a password:
    if (Hash::CheckPassword($this->input->post('password'), $hash) !== TRUE)
    {
        // Login failed
    }
Hope you’ll find it useful.
Thanks! Just what I needed.
Thanks! Works like a charm!
Is your library still reliable to use?
@sam I think so, I’ve used it recently on a CI 2.0.2 based project and it was working just fine.
May I know what $config['portable'] and $config['iterations'] are for?
Why not include a config file in the .zip?
Setting $config['portable'] to TRUE will basically fall back to md5(), so it's not recommended unless you are expecting to move your codebase between multiple incompatible environments (i.e. move from a host that supports bcrypt to one that doesn't).
You can read a detailed paper about password hashing here – http://www.openwall.com/articles/PHP-Users-Passwords (highly recommended). It also addresses iteration counts.
I didn't include a config file as the defaults work fine for me, but you can certainly extend it on your own.
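The portable versus bcrypt distinction discussed above is visible in the stored hash string itself. The following is an added example, not part of the original post or of phpass: it classifies stored hashes by their prefix so that MD5-based portable hashes can be found and re-hashed at the user's next successful login. The function name `classify_phpass_hash`, the `rehash` policy and the sample strings are assumptions made for illustration.

```php
<?php
// Added example (not from the post or phpass). classify_phpass_hash() is a
// hypothetical helper; the "rehash" flag reflects an assumed policy that
// anything other than bcrypt should be upgraded at the next login.

// Alphabet phpass uses to encode the cost character of portable hashes.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function classify_phpass_hash(string $hash): array
{
    // bcrypt: "$2a$", "$2x$" or "$2y$", two-digit cost, "$", then 53 chars (60 total).
    if (preg_match('/^\$2[axy]\$(\d{2})\$[.\/0-9A-Za-z]{53}$/', $hash, $m)) {
        return ['scheme' => 'bcrypt', 'log2_rounds' => (int) $m[1], 'rehash' => false];
    }
    // Portable (iterated MD5): "$P$" (phpBB3 writes "$H$"), one cost
    // character, 8 salt characters and a 22-character digest (34 total).
    if (preg_match('/^\$[PH]\$([.\/0-9A-Za-z])[.\/0-9A-Za-z]{30}$/', $hash, $m)) {
        $log2 = strpos(ITOA64, $m[1]); // iterations = 2 ** $log2
        return ['scheme' => 'portable-md5', 'log2_rounds' => $log2, 'rehash' => true];
    }
    // Extended DES: "_" followed by 19 characters (20 total).
    if (preg_match('/^_[.\/0-9A-Za-z]{19}$/', $hash)) {
        return ['scheme' => 'ext-des', 'log2_rounds' => null, 'rehash' => true];
    }
    // Anything else (plain md5(), truncated column, etc.) needs manual review.
    return ['scheme' => 'unknown', 'log2_rounds' => null, 'rehash' => true];
}

// Constructed sample values with the right shape; these are not real digests.
$stored = [
    'alice' => '$2a$08$' . str_repeat('A', 53),
    'bob'   => '$P$B' . str_repeat('x', 30),
    'carol' => str_repeat('0', 32),
];

foreach ($stored as $user => $hash) {
    $info = classify_phpass_hash($hash);
    printf(
        "%-6s %-13s log2_rounds=%-4s rehash=%s\n",
        $user,
        $info['scheme'],
        $info['log2_rounds'] === null ? 'n/a' : (string) $info['log2_rounds'],
        $info['rehash'] ? 'yes' : 'no'
    );
}
```

A hash flagged for re-hashing can only be replaced at login time, when the plaintext password is available after `Hash::CheckPassword()` has succeeded against the old value.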