PHP and Bcrypt [duplicate]
Possible Duplicate:
How do you use bcrypt for hashing passwords in PHP?
I am developing an API using PHP. The previous version of the API, which I want to migrate from, was built using Rails 3.
I have only one problem. The stored passwords for the users were encrypted with the technique below.
BCrypt::Engine.hash_secret(password, user.password_salt);
How can I do the same in PHP (CodeIgniter) so that the users can continue using their old passwords?
Thankful for all help!
I think you can use the crypt function with the blowfish algorithm: http://php.net/manual/en/function.crypt.php
Another option is to use mcrypt: http://www.php.net/manual/en/ref.mcrypt.php
Edit: example
Here's what I would do:
$hashedPassword = crypt('password', '$2a$11$abcdefghijklmnopqrstuu'); // placeholder salt: 22 characters must follow the cost
Use crypt like this:
$hash = crypt($password, $salt);
$hashedPassword should now contain the hash.
Basically, in order to use the Blowfish algorithm, the salt needs to be in this format: $2a$[2 digit cost parameter]$[22 digit alphanumeric string]
To determine if you have Blowfish on your server:
if (CRYPT_BLOWFISH == 1) {
echo 'Blowfish: ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n";
}
I'm not sure how it's done, but take a look at the source for Tank Auth; it uses bcrypt. I think it's smart enough to use the built-in library if it's present on the system and falls back to an included version if necessary.
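As an added example (not from any of the posts above, and not Rails, CodeIgniter or Tank Auth code): verifying a login against a hash that BCrypt::Engine.hash_secret produced, then re-hashing it with PHP's own password API once the login succeeds. It assumes the migrated table still holds the salt string and the 60-character hash exactly as Rails stored them; the function names and sample values are constructed for illustration.

```php
<?php
// Added example. Requires PHP 7.1+ (typed signatures, nullable return type).

/**
 * Recompute the bcrypt hash with the stored salt and compare in constant time.
 * Assumption: $storedSalt is the "$2a$<cost>$<22 chars>" value from the old
 * password_salt column and $storedHash is the hash_secret() output.
 */
function verify_legacy_password(string $password, string $storedSalt, string $storedHash): bool
{
    // Refuse anything that is not a well-formed bcrypt salt before calling crypt().
    if (!preg_match('#^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{22}$#', $storedSalt)) {
        return false;
    }
    $computed = crypt($password, $storedSalt);
    // crypt() reports failure with a short marker string, never a 60-character hash.
    if (!is_string($computed) || strlen($computed) !== 60) {
        return false;
    }
    // hash_equals() avoids leaking the position of the first differing byte.
    return hash_equals($storedHash, $computed);
}

/**
 * After a successful login, return a replacement hash to store, or null.
 * password_hash() emits "$2y$" hashes; password_needs_rehash() returns true
 * when the stored hash does not match the requested algorithm and cost.
 */
function upgraded_hash(string $password, string $storedHash, int $cost = 12): ?string
{
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return null;
}

// Constructed sample data standing in for one row of the migrated users table.
$salt = '$2a$10$abcdefghijklmnopqrstuu';
$hash = crypt('correct horse', $salt);

var_dump(verify_legacy_password('correct horse', $salt, $hash));
var_dump(verify_legacy_password('wrong guess', $salt, $hash));
var_dump(verify_legacy_password('correct horse', '$2a$10$short', $hash));

$new = upgraded_hash('correct horse', $hash);
var_dump($new !== null && password_verify('correct horse', $new));
```

Once a user has been re-hashed, the separate salt column is no longer needed for that row, because the salt and cost are embedded in the hash string that password_verify() reads.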