<?php
mb_internal_encoding('UTF-8');
ini_set('default_charset', mb_internal_encoding());
$tests = [
# These should all work with the same hash since the first 72 bytes in each are the same:
'ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใงใใๆฅๆฌ่ชใฎๆใงใใ' => '$2y$10$8r90pAKtxZzcWQRsJpOKge6rXAP.1UtvQntdk38RhuAjrXXkplqr.', # 34 chars, 102 bytes
'ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใงใ' => '$2y$10$8r90pAKtxZzcWQRsJpOKge6rXAP.1UtvQntdk38RhuAjrXXkplqr.', # 25 chars, 75 bytes
'ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใง' => '$2y$10$8r90pAKtxZzcWQRsJpOKge6rXAP.1UtvQntdk38RhuAjrXXkplqr.', # 24 chars, 72 bytes
# This should fail using the same hash as above since the byte length is less than 72:
'ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญ' => '$2y$10$8r90pAKtxZzcWQRsJpOKge6rXAP.1UtvQntdk38RhuAjrXXkplqr.', # 23 chars, 69 bytes (hash should fail)
];
$tests = [
# These should all work with the same hash since the first 72 bytes in each are the same:
'*ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใงใใๆฅๆฌ่ชใฎๆใงใใ'=> '$2y$10$dmQi9mPJWaEHifmpXlCoKOmcaSzFQ1kUszKzMBtig2lzBXLRvS8Wq', # 34 chars, 102 bytes
'*ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใงใ' => '$2y$10$dmQi9mPJWaEHifmpXlCoKOmcaSzFQ1kUszKzMBtig2lzBXLRvS8Wq', # 25 chars, 75 bytes
'*ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใง' => '$2y$10$dmQi9mPJWaEHifmpXlCoKOmcaSzFQ1kUszKzMBtig2lzBXLRvS8Wq', # 24 chars, 72 bytes
# This should fail using the same hash as above since the byte length is less than 72:
'*ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญ' => '$2y$10$dmQi9mPJWaEHifmpXlCoKOmcaSzFQ1kUszKzMBtig2lzBXLRvS8Wq', # 23 chars, 69 bytes (hash should fail)
];
foreach ($tests as $password => $crypted) {
$char_len = mb_strlen($password);
$byte_len = strlen($password);
error_log("password_verify('$password', '$crypted') (chars=$char_len, bytes=$byte_len) returns " . json_encode(password_verify($password, $crypted)));
error_log("'$password' => '" . password_hash($password, PASSWORD_BCRYPT) . "'");
}
#error_log(password_hash('*ใใใฏใใใใใใ่คๆฐใฎใใคใใงๆงๆใใใๆๅญใง', PASSWORD_BCRYPT));