3v4l.org

run code in 300+ PHP versions simultaneously
<?php $password = "chemicals1"; $expected = "{SSHA512}w/lHn2LXfNletbfyLVYutBFqUjGPzhmptyleVlehUZSZdylZCt/sDmvkhTBV1Ln4f6rzXTdM6eOGr3LX7FgGCF5/fsbs0vVq"; function generate_postfix_ssha512_hash($password, $salt = false) { $hash_algo = "{SSHA512}"; $salt_length = 8; // generate a random salt if one isn't provided $salt = empty($salt) ? random_bytes($salt_length) : $salt; // hash our password with the salt $hash = hash('sha512', "{$password}{$salt}", true); // base64 encode the salt so we have a sane string $hash = base64_encode("{$hash}{$salt}"); // return our generated password hash with identifier return "{$hash_algo}{$hash}"; } function compare_postfix_ssha512_hash($password, $valid_hash) { $hash_algo = "{SSHA512}"; $salt_length = 8; // strip the identifier from the hash (if exists) $valid_hash = str_replace($hash_algo, "", $valid_hash); // get the salt from the valid hash $salt = substr(base64_decode($valid_hash), -$salt_length); // strip the salt from the end of the valid hash $valid_hash = substr(base64_decode($valid_hash), 0, -$salt_length); // hash our password with the salt $hash = generate_postfix_ssha512_hash($password, $salt); // strip the identifier from the hash (if exists) $hash = str_replace($hash_algo, "", $hash); // strip the salt from the end of the valid hash $hash = substr(base64_decode($hash), 0, -$salt_length); // return the comparison return hash_equals($valid_hash, $hash); } var_dump(compare_postfix_ssha512_hash($password, $expected));
Output for 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.25, 8.1.0 - 8.1.12
bool(true)

preferences:
174.18 ms | 403 KiB | 253 Q