// Include the phpass library
require_once('phpass-03/PasswordHash.php')
// Initialize the hasher without portable hashes (this is more secure)
$hasher = new PasswordHash(8, false);
// Hash the password. $hashedPassword will be a 60-character string.
$hashedPassword = $hasher->HashPassword('my super cool password');
// You can now safely store the contents of $hashedPassword in your database!
// Check if a user has provided the correct password by comparing what they
// typed with our hash
$hasher->CheckPassword('the wrong password', $hashedPassword); // false
$hasher->CheckPassword('my super cool password', $hashedPassword); // true
?>
陷阱
许多资源可能推荐你在哈希之前对你的密码“加盐”。想法很好,但phpass在HashPassword()函数中已经对你的密码“加盐”了,这意味着你不需要自己“加盐”。
进一步阅读