<?php
$userId = '7788990011223344551';
$short_username = 'zerocool95';
$long_username = 'zerocool95-Y3Jhc2ggb3ZlcnJpZGUgaXMgcmVhbGx5IHplcm8gY29vbA';
$password = 'Mess with the best, die like the rest.';
echo "Using short username\n";
$combined = $userId . $short_username . $password;
$hash = password_hash(
$combined,
PASSWORD_BCRYPT,
[
'cost' => 12
]
);
echo $hash . "\n";
if ( password_verify( $combined, $hash ) ) {
echo "Correct user id, username, password combination\n";
} else {
echo "Incorrect combination\n";
}
$bad_combination = $userId . $short_username . 'not-my-password';
if ( password_verify( $bad_combination, $hash ) ) {
echo "Correct user id, username, password combination\n";
} else {
echo "Incorrect combination\n";
}
// Output
// $2y$12$OSlXjZirMYlaKtXqMTr1uePNIEEsxS4sDQHCpfg.vC/Aw9SBaEvBS
// Correct user id, username, password combination
// Incorrect combination
echo "\n---\n";
// Now try it with the long, 52+ characters, username
echo "Using LONG short username\n";
$combined = $userId . $long_username . $password;
$hash = password_hash(
$combined,
PASSWORD_BCRYPT,
[
'cost' => 12
]
);
echo $hash . "\n";
if ( password_verify( $combined, $hash ) ) {
echo "Correct user id, username, password combination\n";
} else {
echo "Incorrect combination\n";
}
$bad_combination = $userId . $long_username . 'not-my-password';
if ( password_verify( $bad_combination, $hash ) ) {
echo "Correct user id, username, password combination\n";
} else {
echo "Incorrect combination\n";
}
// Output
// $2y$12$p2xn6C0duRrnpjFQWTBCJe7hjlIq0GZHwmwRdAUgeOD30a5T85V/G
// Correct user id, username, password combination
// Correct user id, username, password combination
preferences:
42.47 ms | 405 KiB | 5 Q