3v4l.org

run code in 300+ PHP versions simultaneously
<?php namespace { if (!defined('PASSWORD_DEFAULT')) { define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); /** * Hash the password using the specified algorithm * * @param string $password The password to hash * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) * @param array $options The options for the algorithm to use * * @return string|false The hashed password, or false on error. */ function password_hash($password, $algo, array $options = array()) { if (!function_exists('crypt')) { trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); return null; } if (!is_string($password)) { trigger_error("password_hash(): Password must be a string", E_USER_WARNING); return null; } if (!is_int($algo)) { trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); return null; } $resultLength = 0; switch ($algo) { case PASSWORD_BCRYPT: // Note that this is a C constant, but not exposed to PHP, so we don't define it here. $cost = 10; if (isset($options['cost'])) { $cost = $options['cost']; if ($cost < 4 || $cost > 31) { trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); return null; } } // The length of salt to generate $raw_salt_len = 16; // The length required in the final serialization $required_salt_len = 22; $hash_format = sprintf("$2y$%02d$", $cost); // The expected length of the final crypt() output $resultLength = 60; break; default: trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); return null; } $salt_requires_encoding = false; if (isset($options['salt'])) { switch (gettype($options['salt'])) { case 'NULL': case 'boolean': case 'integer': case 'double': case 'string': $salt = (string) $options['salt']; break; case 'object': if (method_exists($options['salt'], '__tostring')) { $salt = (string) $options['salt']; break; } case 'array': case 'resource': default: trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); return null; } if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); return null; } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { $salt_requires_encoding = true; } } else { $buffer = ''; $buffer_valid = false; if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $buffer = openssl_random_pseudo_bytes($raw_salt_len); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && @is_readable('/dev/urandom')) { $f = fopen('/dev/urandom', 'r'); $read = PasswordCompat\binary\_strlen($buffer); while ($read < $raw_salt_len) { $buffer .= fread($f, $raw_salt_len - $read); $read = PasswordCompat\binary\_strlen($buffer); } fclose($f); if ($read >= $raw_salt_len) { $buffer_valid = true; } } if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { $bl = PasswordCompat\binary\_strlen($buffer); for ($i = 0; $i < $raw_salt_len; $i++) { if ($i < $bl) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } $salt = $buffer; $salt_requires_encoding = true; } if ($salt_requires_encoding) { // encode string with the Base64 variant used by crypt $base64_digits = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; $bcrypt64_digits = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $base64_string = base64_encode($salt); $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); } $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); $hash = $hash_format . $salt; $ret = crypt($password, $hash); if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) { return false; } return $ret; } /** * Get information about the password hash. Returns an array of the information * that was used to generate the password hash. * * array( * 'algo' => 1, * 'algoName' => 'bcrypt', * 'options' => array( * 'cost' => 10, * ), * ) * * @param string $hash The password hash to extract info from * * @return array The array of information about the hash. */ function password_get_info($hash) { $return = array( 'algo' => 0, 'algoName' => 'unknown', 'options' => array(), ); if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { $return['algo'] = PASSWORD_BCRYPT; $return['algoName'] = 'bcrypt'; list($cost) = sscanf($hash, "$2y$%d$"); $return['options']['cost'] = $cost; } return $return; } /** * Determine if the password hash needs to be rehashed according to the options provided * * If the answer is true, after validating the password using password_verify, rehash it. * * @param string $hash The hash to test * @param int $algo The algorithm used for new password hashes * @param array $options The options array passed to password_hash * * @return boolean True if the password needs to be rehashed. */ function password_needs_rehash($hash, $algo, array $options = array()) { $info = password_get_info($hash); if ($info['algo'] != $algo) { return true; } switch ($algo) { case PASSWORD_BCRYPT: $cost = isset($options['cost']) ? $options['cost'] : 10; if ($cost != $info['options']['cost']) { return true; } break; } return false; } /** * Verify a password against a hash using a timing attack resistant approach * * @param string $password The password to verify * @param string $hash The hash to verify against * * @return boolean If the password matches the hash */ function password_verify($password, $hash) { if (!function_exists('crypt')) { trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); return false; } $ret = crypt($password, $hash); if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) { return false; } $status = 0; for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { $status |= (ord($ret[$i]) ^ ord($hash[$i])); } return $status === 0; } } } namespace PasswordCompat\binary { /** * Count the number of bytes in a string * * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. * In this case, strlen() will count the number of *characters* based on the internal encoding. A * sequence of bytes might be regarded as a single multibyte character. * * @param string $binary_string The input string * * @internal * @return int The number of bytes */ function _strlen($binary_string) { if (function_exists('mb_strlen')) { return mb_strlen($binary_string, '8bit'); } return strlen($binary_string); } /** * Get a substring based on byte limits * * @see _strlen() * * @param string $binary_string The input string * @param int $start * @param int $length * * @internal * @return string The substring */ function _substr($binary_string, $start, $length) { if (function_exists('mb_substr')) { return mb_substr($binary_string, $start, $length, '8bit'); } return substr($binary_string, $start, $length); } } $hash = '$2y$10$reXsuIb0iFKc9iwWkjC6A.X7SijegOERbcgdIX3qPcuBQmjsqQl5K'; if (password_verify('natalie', $hash)) { echo 'Password is valid!'; } else { echo 'Invalid password.'; } ?>

Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).

VersionSystem time (s)User time (s)Memory (MiB)
5.4.320.0100.03512.55
5.4.310.0050.03812.55
5.4.300.0020.04012.55
5.4.290.0030.04212.55
5.4.280.0050.03512.45
5.4.270.0070.03512.45
5.4.260.0040.03912.45
5.4.250.0060.03712.45
5.4.240.0070.03512.45
5.4.230.0090.03412.44
5.4.220.0070.03412.44
5.4.210.0050.03612.44
5.4.200.0050.03812.44
5.4.190.0060.03712.43
5.4.180.0070.03712.44
5.4.170.0050.03712.45
5.4.160.0020.04012.45
5.4.150.0050.03612.44
5.4.140.0050.03712.12
5.4.130.0050.03512.11
5.4.120.0060.03512.07
5.4.110.0030.03812.07
5.4.100.0070.03312.06
5.4.90.0080.03412.07
5.4.80.0040.03912.07
5.4.70.0050.03712.06
5.4.60.0090.03512.07
5.4.50.0060.04012.05
5.4.40.0060.03412.05
5.4.30.0070.03512.04
5.4.20.0030.03712.04
5.4.10.0030.03712.04
5.4.00.0070.03611.54
5.3.290.0090.03612.82
5.3.280.0060.03712.75
5.3.270.0080.03612.77
5.3.260.0080.03612.76
5.3.250.0060.03712.76
5.3.240.0090.03412.76
5.3.230.0080.03512.75
5.3.220.0070.03512.72
5.3.210.0090.03612.73
5.3.200.0070.04712.72
5.3.190.0030.04012.72
5.3.180.0030.04012.71
5.3.170.0050.04212.72
5.3.160.0030.04012.72
5.3.150.0080.03512.72
5.3.140.0080.03412.71
5.3.130.0070.03912.71
5.3.120.0050.03912.71
5.3.110.0050.03912.70
5.3.100.0030.04012.20
5.3.90.0050.03612.18
5.3.80.0080.03312.16
5.3.70.0050.03712.16
5.3.60.0040.03812.14
5.3.50.0050.03712.09
5.3.40.0040.03712.10
5.3.30.0060.03412.05
5.3.20.0020.03811.84
5.3.10.0050.03711.80
5.3.00.0050.03611.79
5.2.170.0050.0309.19
5.2.160.0040.0299.18
5.2.150.0080.0279.19
5.2.140.0080.0279.19
5.2.130.0040.0309.14
5.2.120.0080.0259.15
5.2.110.0060.0289.16
5.2.100.0010.0329.15
5.2.90.0060.0279.15
5.2.80.0060.0299.14
5.2.70.0020.0329.15
5.2.60.0030.0319.10
5.2.50.0030.0329.07
5.2.40.0060.0289.04
5.2.30.0050.0319.02
5.2.20.0030.0309.01
5.2.10.0020.0308.93
5.2.00.0050.0288.79
5.1.60.0040.0248.07
5.1.50.0040.0258.07
5.1.40.0050.0248.05
5.1.30.0030.0278.41
5.1.20.0050.0268.43
5.1.10.0050.0348.14
5.1.00.0040.0298.15
5.0.50.0070.0266.63
5.0.40.0050.0266.48
5.0.30.0010.0416.30
5.0.20.0030.0206.27
5.0.10.0020.0216.25
5.0.00.0020.0326.24
4.4.90.0040.0144.78
4.4.80.0030.0154.75
4.4.70.0040.0154.76
4.4.60.0040.0144.76
4.4.50.0030.0154.77
4.4.40.0040.0234.71
4.4.30.0030.0154.76
4.4.20.0030.0154.85
4.4.10.0010.0164.85
4.4.00.0020.0254.76
4.3.110.0020.0194.67
4.3.100.0020.0154.67
4.3.90.0040.0144.64
4.3.80.0040.0234.59
4.3.70.0040.0134.63
4.3.60.0020.0154.63
4.3.50.0020.0164.62
4.3.40.0030.0234.54
4.3.30.0030.0153.29
4.3.20.0030.0153.27
4.3.10.0020.0153.22
4.3.00.0030.0207.29

preferences:
144.39 ms | 1386 KiB | 7 Q