nakins (posted July 15, 2011):

```php
<?php
class Phash {
    public function __construct(){
        const saltLenght = 20;
        public $_salt;
    }

    public function getSalted($_POST['password'], $_salt) {
        if ($_salt === null) {
            $_salt = substr(md5(uniqid(rand(), true)), 0, saltLenght);
        } else {
            $_salt = substr($_salt, 0, saltLenght);
        }
        return $_salt . sha1($_salt . $_POST['password']);
    }
}
```

trq (posted July 15, 2011):

There's no need for a class here if that is all it does. Also, you should be overriding $_POST['password'] like that.

Fadion (posted July 15, 2011):

As thorpe mentioned, the functionality in here is very limited to be a class of its own. If you have a user class or whatever, just stick the salting in there. Anyway, to get to the question, I rewrote your class to the one below:

```php
<?php
class PHash {
    // Number of characters of the salt that are actually used
    private $salt_length = 20;

    public function makeSalt ($password, $salt) {
        if ($salt === NULL) {
            // No salt supplied: generate one
            $salt = substr(md5(uniqid(rand(), true)), 0, $this->salt_length);
        } else {
            // Salt supplied: trim it to the configured length
            $salt = substr($salt, 0, $this->salt_length);
        }
        // Prepend the salt (as the class in the first post does) so that a
        // generated salt is not lost and the hash can be recomputed later
        return $salt . sha1($salt . $password);
    }
}

//object initialization
$phash = new PHash;
$new_pass = $phash->makeSalt('myPASSword2011', 'phpfreaks.com');
?>
```

Simple enough, but at least it works. Keep in mind that a class is just a definition and it's not supposed to process data outside its scope (as the POST superglobal is). An object does that! Plus, you have set a superglobal array element as a method parameter, which adds to the confusion.

nakins (author, posted July 15, 2011):

Ok, thank you both for replying. It did clear up a few things for me.
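
An added example, not code from any poster in this thread: hashes in the layout used by the first post (a 20-character salt followed by the SHA-1 hex digest of salt plus password) can be verified and then replaced at login with PHP's built-in `password_hash()`, which generates its own random salt and stores it inside the hash string. The function names `verifyLegacy` and `checkPassword` and the sample values are hypothetical; PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names and sample data are hypothetical.

const LEGACY_SALT_LENGTH = 20; // salt length used by the class in the thread

// Verify a record in the thread's layout: salt . sha1(salt . password).
function verifyLegacy(string $password, string $stored): bool
{
    $salt = substr($stored, 0, LEGACY_SALT_LENGTH);
    $expected = $salt . sha1($salt . $password);
    return hash_equals($stored, $expected); // constant-time comparison
}

// Check a login attempt. Returns [ok, replacementHash]; replacementHash is
// non-null when the stored value should be overwritten with a stronger hash.
function checkPassword(string $password, string $stored): array
{
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Not a password_hash() string: treat it as a legacy salted SHA-1 record.
        if (!verifyLegacy($password, $stored)) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// Constructed sample record in the legacy layout.
$salt   = substr(md5('constructed-sample-salt'), 0, LEGACY_SALT_LENGTH);
$legacy = $salt . sha1($salt . 'myPASSword2011');

[$ok, $upgraded] = checkPassword('myPASSword2011', $legacy);
var_dump($ok);                                          // legacy record accepted
var_dump(password_verify('myPASSword2011', $upgraded)); // upgraded hash verifies
var_dump(checkPassword('wrong-guess', $legacy)[0]);     // wrong password rejected
var_dump(checkPassword('myPASSword2011', $upgraded)[0]); // new format accepted
```

The caller writes the returned replacement hash back to the user record, so each account moves off salted SHA-1 the next time its owner logs in.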