Using PHPass with CodeIgniter

Storing passwords in a database is a necessary evil for most web-applications. No-one in their right mind would save plain-text passwords, and MD5 hashes aren’t much better. A useful library called PHPass exists to hash passwords in a more secure manner. Using this in CodeIgniter should be straightfoward, but it is a bit fiddly.

Using third-party libraries in CodeIgniter is simple – just make sure the class you wish to use is the appliction/libraries directory and then use


But, when CodeIgniter loads the library, it also instantiates an object using the class definition in the library file. If the class constructor requires some parameters, you can pass them by adding an array to the $this->load->library() function;


In this case, $params must be an array.

The PHPass class definition, however, requires two parameters. So, the easy way round this is to adapt the PHPass class constructor to accept an array rather than two single parameters;

function PasswordHash($params)
        $iteration_count_log2 = $params[0];
        $portable_hashes = $params[1];
        $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

        if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
            $iteration_count_log2 = 8;
        $this->iteration_count_log2 = $iteration_count_log2;

        $this->portable_hashes = $portable_hashes;

        $this->random_state = microtime();
        if (function_exists('getmypid'))
            $this->random_state .= getmypid();

Leave a Reply

Your email address will not be published. Required fields are marked *