<?php
  require_once("../config.php");

  function tokengen (int $bytes=24): string {
    return bin2hex(random_bytes($bytes));
  }

  function setpasswd (string $password): string {
    $millisec = 0.05;
    $cost = 8;

    do {
      $cost++;
      $start = microtime(true);
      password_hash("kero", PASSWORD_ARGON2ID, ["cost" => $cost]);
      $end = microtime(true);
    } while (($end - $start) < $millisec);

    $addpepper = hash_hmac("sha256", $password, PASSWD_PEPPER);
    $addmd5 = md5($addpepper);

    return password_hash($addmd5, PASSWORD_ARGON2ID, ["cost" => $cost]);
  }

  function verifypasswd (string $raw, string $crypt): bool {
    $addpepper = hash_hmac("sha256", $raw, PASSWD_PEPPER);
    $addmd5 = md5($addpepper);

    return password_verify($addmd5, $crypt);
  }
?>