62cd89da14
old passwords are automatically upgraded on login
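<?php
#
# This is a test program for the portable PHP password hashing framework.
#
# Written by Solar Designer and placed in the public domain.
# See PasswordHash.php for more information.
#
# The script hashes a fixed sample password, verifies it, and checks that a
# one-character-different password is rejected: first with the default scheme
# selection, then with portable hashes forced.  It finally verifies a stored
# known-answer portable hash.  Results are printed as plain text, and the exit
# status is non-zero when any check fails so automated runs see a regression.
#
# NOTE(review): the script sends an HTTP header, so it is presumably meant to
# be reachable through a web server; as a self-test it should be kept out of
# production document roots.
#

require 'PasswordHash.php';

header('Content-type: text/plain');

# Number of checks that behaved as expected; six checks are run in total.
$ok = 0;

# Try to use stronger but system-specific hashes, with a possible fallback to
# the weaker portable hashes.
# NOTE(review): in phpass the first constructor argument is the log2 of the
# iteration count and the second selects portable hashes -- confirm against
# the bundled PasswordHash.php.
$t_hasher = new PasswordHash(8, FALSE);

$correct = 'test12345';
$hash = $t_hasher->HashPassword($correct);

# The scheme that was actually chosen is only visible from the printed hash
# prefix; nothing below asserts that the stronger scheme was used.
print 'Hash: ' . $hash . "\n";

$check = $t_hasher->CheckPassword($correct, $hash);
if ($check) {
    $ok++;
}
print "Check correct: '" . $check . "' (should be '1')\n";

# Differs from $correct in the last character only.
$wrong = 'test12346';
$check = $t_hasher->CheckPassword($wrong, $hash);
if (!$check) {
    $ok++;
}
print "Check wrong: '" . $check . "' (should be '0' or '')\n";

unset($t_hasher);

# Force the use of weaker portable hashes (phpass's own MD5-based iterated
# scheme).  They are exercised because stored hashes in this format still
# have to verify.
$t_hasher = new PasswordHash(8, TRUE);

$hash = $t_hasher->HashPassword($correct);

print 'Hash: ' . $hash . "\n";

$check = $t_hasher->CheckPassword($correct, $hash);
if ($check) {
    $ok++;
}
print "Check correct: '" . $check . "' (should be '1')\n";

$check = $t_hasher->CheckPassword($wrong, $hash);
if (!$check) {
    $ok++;
}
print "Check wrong: '" . $check . "' (should be '0' or '')\n";

# A correct portable hash for 'test12345'.
# Please note the use of single quotes to ensure that the dollar signs will
# be interpreted literally.  Of course, a real application making use of the
# framework won't store password hashes within a PHP source file anyway.
# We only do this for testing.
# This is a known-answer check: it is verified with the portable-forced
# hasher created above, so it catches changes that would stop previously
# stored hashes from verifying.
$hash = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0';

print 'Hash: ' . $hash . "\n";

$check = $t_hasher->CheckPassword($correct, $hash);
if ($check) {
    $ok++;
}
print "Check correct: '" . $check . "' (should be '1')\n";

$check = $t_hasher->CheckPassword($wrong, $hash);
if (!$check) {
    $ok++;
}
print "Check wrong: '" . $check . "' (should be '0' or '')\n";

# Strict comparison: $ok is an integer counter, so no type juggling is wanted.
if ($ok === 6) {
    print "All tests have PASSED\n";
} else {
    print "Some tests have FAILED\n";
    # Report the failure through the exit status as well as in the text.
    exit(1);
}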