Jump to content

Recommended Posts

<Newbie>My learning curve is almost vertical at the moment</Newbie>

 

Over the last few months I have started migrating my VB application. Development has been on a PHP 5.5.16 system

 

I have signed up to a hosting company which supports PHP 5.4.34 and my system does not work.

 

Much digging and learning I discovered the password_hash function (using PASSWORD_BCRYPT) is causing the issue on the hosted 5.4 system

 

So question is this. I would like to continue with 5.5 but I need to know what features/functions are not in 5.4 (is there a list) and is there a list of workarounds to help me implement 5.5 functionality in a 5.4 install

 

Thanks

 

You should add to check if the function exists and take different actions

if (function_exists('password_hash')) {
    //use password_hash
} else {
   //use crypt blowfish with a salt http://php.net/manual/en/function.crypt.php
}

blowfish is only available 5.3+

 

A function I found on the net

function generateHash($password) {
    if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
        $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password, $salt);
    }
}

can also do something like this

function salted_pass($value)
{
    if (!$value) {
        $value = "some-default-value";
    }
    $salt = mcrypt_create_iv(22, MCRYPT_RAND);
    $salt = base64_encode($salt);
    $salt = str_replace('+', '.', $salt);
    return crypt($value, '$2y$10$' . $salt . '$');
}

mcrypt_create_iv

You should add to check if the function exists and take different actions

if (function_exists('password_hash')) {
    //use password_hash
} else {
   //use crypt blowfish with a salt http://php.net/manual/en/function.crypt.php
}

blowfish is only available 5.3+

 

A function I found on the net

function generateHash($password) {
    if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
        $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password, $salt);
    }
}

can also do something like this

function salted_pass($value)
{
    if (!$value) {
        $value = "some-default-value";
    }
    $salt = mcrypt_create_iv(22, MCRYPT_RAND);
    $salt = base64_encode($salt);
    $salt = str_replace('+', '.', $salt);
    return crypt($value, '$2y$10$' . $salt . '$');
}

mcrypt_create_iv

 

Thanks for the reply, which raises another question:

 

If I use a Blowfish replacement (5.4) and PHP is updated to 5.5, will the Blowfish function be compatible with the replacement you suggest?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.