$password);
else
$hashed_password = sha1($password);
return $hashed_password;
}
}
?>
3. Next, write a simple test page to test the PasswordHasher class. Create a new file named test_hasher.php
in the tshirtshop folder with the following code in it:
if (isset ($_GET['to_be_hashed']))
{
require_once 'include/config.php';
require_once BUSINESS_DIR . 'password_hasher.php';
$original_string = $_GET['to_be_hashed'];
echo 'The hash of "' . $original_string . '" is ' .
PasswordHasher::Hash($original_string, false);
echo '
';
CHAPTER 16 ?– MANAGING CUSTOMER DETAILS 481
echo '... and the hash of "' . HASH_PREFIX . $original_string .
'" (secret prefix concatenated with password) is ' .
PasswordHasher::Hash($original_string, true);
}
?>
4. Load test_hasher.php in your favorite browser, enter a password to hash, and admire the results, as
shown in Figure 16-1.
Figure 16-1. Testing the password hashing functionality
How It Works: The Hashing Functionality
The code in the PasswordHasher class is pretty simple. By default, the static Hash() method returns the hash
of a string representing the secret prefix concatenated with the password.
You might be wondering what the secret prefix is all about.
Pages:
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603