Functions to hash and verify a password in PHP.

password_hash.php

/**
 * Hash the password using bcrypt algorithm. This function takes
 * in a plaintext password, generates a strong and random salt,
 * and returns the crypted password to be stored for the user.
 *
 * @param string $password
 * @return string | false
 */
public static function passwordHash( $password, $options = array() )
{
    $cost = map( $options, 'cost', 10 );
    $raw_salt_len = map( $options, 'raw_salt_len', 16 );
    $required_salt_len = map( $options, 'required_salt_len', 22 );

    // generate the salted hash from urandom using our cost. we
    // need to replace plus signs because it causes problems.
    //
    $hash_format = sprintf( "$2a$%02d$", $cost );
    $buffer = mcrypt_create_iv( $raw_salt_len, MCRYPT_DEV_URANDOM );
    $salt = str_replace( '+', '.', base64_encode( $buffer ) );
    $salt = substr( $salt, 0, $required_salt_len );
    $hash = $hash_format . $salt;

    // encrypt the password with the salted hash
    //
    $return = crypt( $password, $hash );

    if ( ! is_string( $return ) || strlen( $return ) <= 13 )
    {
        return FALSE;
    }

    return $return;
}

/**
 * Verify a password against a hash using a timing attack resistant
 * approach.
 *
 * @param string $password
 * @param string $hash
 * @return boolean
 */
public static function passwordVerify( $password, $hash )
{
    $ret = crypt( $password, $hash );
    $status = 0;

    if ( !is_string( $ret )
        || strlen( $ret ) != strlen( $hash )
        || strlen( $ret ) <= 13 )
    {
        return FALSE;
    }

    for ( $i = 0; $i < strlen( $ret ); $i++ )
    {
        $status |= ( ord( $ret[ $i ] ) ^ ord( $hash[ $i ] ) );
    }

    return $status === 0;
}