3v4l.org

run code in 300+ PHP versions simultaneously
<?php $userId = '7788990011223344551'; $short_username = 'zerocool95'; $long_username = 'zerocool95-Y3Jhc2ggb3ZlcnJpZGUgaXMgcmVhbGx5IHplcm8gY29vbA'; $password = 'Mess with the best, die like the rest.'; echo "Using short username\n"; $combined = $userId . $short_username . $password; $hash = password_hash( $combined, PASSWORD_BCRYPT, [ 'cost' => 12 ] ); echo $hash . "\n"; if ( password_verify( $combined, $hash ) ) { echo "Correct user id, username, password combination\n"; } else { echo "Incorrect combination\n"; } $bad_combination = $userId . $short_username . 'not-my-password'; if ( password_verify( $bad_combination, $hash ) ) { echo "Correct user id, username, password combination\n"; } else { echo "Incorrect combination\n"; } // Output // $2y$12$OSlXjZirMYlaKtXqMTr1uePNIEEsxS4sDQHCpfg.vC/Aw9SBaEvBS // Correct user id, username, password combination // Incorrect combination echo "\n---\n"; // Now try it with the long, 52+ characters, username echo "Using LONG short username\n"; $combined = $userId . $long_username . $password; $hash = password_hash( $combined, PASSWORD_BCRYPT, [ 'cost' => 12 ] ); echo $hash . "\n"; if ( password_verify( $combined, $hash ) ) { echo "Correct user id, username, password combination\n"; } else { echo "Incorrect combination\n"; } $bad_combination = $userId . $long_username . 'not-my-password'; if ( password_verify( $bad_combination, $hash ) ) { echo "Correct user id, username, password combination\n"; } else { echo "Incorrect combination\n"; } // Output // $2y$12$p2xn6C0duRrnpjFQWTBCJe7hjlIq0GZHwmwRdAUgeOD30a5T85V/G // Correct user id, username, password combination // Correct user id, username, password combination

preferences:
42.47 ms | 405 KiB | 5 Q