從有為青年變成有為中年男子的生活札記

剛研究 PHP 跟 OpenLDAP 驗證的東西，建議是用 MD5 or SSHA 加密比較安全，這篇是在說明怎麼用 SSHA 來驗證

howforge.com - How to create and verify SSHA hash using PHP

There are so many hash. SHA1 is one of them which is widely used in recent years even though it is not safe to use right now. By the way, it is still the default hash function for storing password in LDAP especially OpenLDAP. In order to develop a website with LDAP authentication manually against POSIX account, SSHA hash function or SHA1 is the easiest solution.

function ssha_encode($text) {
  for ($i=1;$i<=10;$i++) {
    $salt .= substr('0123456789abcdef',rand(0,15),1);
  }
  $hash = "{SSHA}".base64_encode(pack("H*",sha1($text.$salt)).$salt);
  return $hash;
}
 
function ssha_check($text,$hash) {
  $ohash = base64_decode(substr($hash,6));
  $osalt = substr($ohash,20);
  $ohash = substr($ohash,0,20);
  $nhash = pack("H*",sha1($text.$osalt));
  return $ohash == $nhash;
}

$password = "test";
$hash = ssha_encode($password);
print "$hash\n";
print var_export(ssha_check($password,$hash),true);