- PHP COMPATIBLE AND EXPORTABLE FUNCTIONS
- SHORTENED ALIAS METHODS
- SEE ALSO
PHP::Functions::Password - Perl ports of PHP password functions
This module provides ported PHP password functions. This module supports the bcrypt, argon2i, and argon2id algorithms, as is the case with the equivalent PHP functions at the date of writing this. All functions may also be called as class methods and support inheritance too. See http://php.net/manual/en/ref.password.php for detailed usage instructions.
use PHP::Functions::Password ();
Functional interface, typical use:
use PHP::Functions::Password qw(password_hash); my $password = 'secret'; my $crypted_string = password_hash($password); # uses PASSWORD_BCRYPT algorithm
Functional interface use, using options:
use PHP::Functions::Password qw(:all); my $password = 'secret'; # Specify options (see PHP docs for which): my $crypted_string = password_hash($password, PASSWORD_DEFAULT, cost => 11); # Use a different algorithm: my $crypted_string = password_hash($password, PASSWORD_ARGON2ID);
Class method use, using options:
use PHP::Functions::Password; my $password = 'secret'; my $crypted_string = PHP::Functions::Password->hash($password, cost => 9); # Note that the 2nd argument of password_hash() has been dropped here and may be specified # as an option as should've been the case in the original password_hash() function IMHO.
The following names can be imported into the calling namespace by request:
password_algos password_get_info password_hash password_needs_rehash password_verify PASSWORD_ARGON2I PASSWORD_ARGON2ID PASSWORD_BCRYPT PASSWORD_DEFAULT :all - what it says :consts - the PASSWORD_* constants :funcs - the password_* functions
Returns an array of supported password algorithm signatures.
The same as http://php.net/manual/en/function.password-get-info.php with the exception that it returns the following additional keys in the result:
algoSig e.g. '2y' salt (encoded) hash (encoded) version (only for argon2 algorithms)
Returns a hash in array context, else a hashref.
- password_hash($password, $algo, %options)
Similar to http://php.net/manual/en/function.password-hash.php with difference that the $algo argument is optional and defaults to PASSWORD_DEFAULT for your programming pleasure.
Important notes about the 'salt' option which you shouldn't use:
- The PASSWORD_BCRYPT 'salt' option is deprecated since PHP 7.0, but if you do pass it, then it must be bcrypt custom base64 encoded and not raw bytes! - For algorithms other than PASSWORD_BCRYPT, PHP doesn't support the 'salt' option, but if you do pass it, then it must be in raw bytes!
- password_needs_rehash($crypted, $algo, %options)
- password_verify($password, $crypted)
- hash($password, %options)
Proxy method for
password_hash($password, $algo, %options). The difference is that this method does have an $algo argument, but instead allows the algorithm to be specified with the 'algo' option (in %options).
- needs_rehash($crypted, $algo, %options)
password_needs_rehash($crypted, $algo, %options).
- verify($password, $crypted)
L<Crypt::Eksblowfish::Bcrypt> from which several internal functions were copied and slightly modified. L<Crypt::Eksblowfish> used for creating/verifying crypted strings in bcrypt format. L<Crypt::OpenSSL::Random> used for random salt generation. L<Crypt::Argon2> recommended for argon2 algorithm support.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Craig Manley (craigmanley.com)