Using PHPass in your Web Applications

phpass.fwphpass (pronounced “pH pass”) is a portable public domain password hashing framework for use in PHP applications.

How to use?

First step – Download the phpass Library Download

Second is to include the phpass library into our code.

1
require_once ('class-phpass.php');

then we instantiate the class

1
$wp_hasher = new PasswordHash(8, TRUE);

PasswordHash class adds salt to the password and hashes it with 8 passes of MD5. MD5 is used by default because it’s supported on all platforms.

To generate a password you can do this:

1
 echo $wp_hasher->HashPassword('test');

Comparing plain password and hashed password:

1
2
3
4
5
6
7
8
$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'test';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}