| 1 |  |  | <?php | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  | namespace Dynamic\FoxyStripe\Security; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  | use SilverStripe\Security\PasswordEncryptor; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  | use SilverStripe\Security\PasswordEncryptor_EncryptionFailed; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
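                /**
                 * BCrypt password encryptor built on PHP's native password_hash() and
                 * password_verify() functions.
                 *
                 * Security notes for maintainers:
                 *  - Salting is left to password_hash(); the $salt arguments accepted by
                 *    encrypt() and check() are ignored and the salt is stored inside the hash.
                 *  - BCrypt only uses the first 72 bytes of the password; longer input is
                 *    truncated by the algorithm.
                 *  - The cost is embedded in every hash, so changing it only affects hashes
                 *    created afterwards. This class never re-hashes an existing password.
                 *
                 * @package Dynamic\FoxyStripe\Security
                 */
                class PasswordEncryptor_BCrypt extends PasswordEncryptor
                {
                    /**
                     * Cost of encryption.
                     * Higher costs will increase security, but also increase server load.
                     * If you are using basic auth, you may need to decrease this as encryption
                     * will be run on every request.
                     * The two digit cost parameter is the base-2 logarithm of the iteration
                     * count for the underlying Blowfish-based hashing algorithm and must
                     * be in range 04-31; values outside this range will cause hashing to fail.
                     *
                     * 10 matches PHP's historical default. Newer PHP releases default to a
                     * higher cost, so benchmark on the production hardware and raise this
                     * value where the server can afford it.
                     *
                     * NOTE: this is static state shared by every instance in the process.
                     *
                     * @var int
                     */
                    protected static $cost = 10;

                    /**
                     * Sets the cost of the blowfish algorithm.
                     * See {@link PasswordEncryptor_Blowfish::$cost}
                     *
                     * The value is cast to an integer and clamped to the range 4-31, so the
                     * stored cost is always one that password_hash() accepts. Without the cast
                     * a non-numeric string compares differently across PHP versions and could
                     * end up as the maximum cost of 31. Note that a non-numeric value now
                     * collapses to the minimum of 4, so validate configuration before calling.
                     *
                     * @param int $cost range 4-31
                     */
                    public static function set_cost($cost)
                    {
                        self::$cost = max(4, min(31, (int) $cost));
                    }

                    /**
                     * Gets the cost that is set for the PASSWORD_BCRYPT algorithm
                     *
                     * @return int
                     */
                    public static function get_cost()
                    {
                        return self::$cost;
                    }

                    /**
                     * Hashes a password with BCrypt at the currently configured cost.
                     *
                     * @param string $password plain-text password; only the first 72 bytes are used
                     * @param null $salt ignored, password_hash() generates its own random salt
                     * @param null $member ignored
                     * @return string the BCrypt hash, starting with "$2y$"
                     * @throws PasswordEncryptor_EncryptionFailed when no valid BCrypt hash is produced
                     */
                    public function encrypt($password, $salt = null, $member = null)
                    {
                        $encryptedPassword = password_hash($password, PASSWORD_BCRYPT, ['cost' => static::get_cost()]);

                        // On PHP 7.x password_hash() may return a non-string value on failure.
                        // A valid hash always *starts* with the "$2y$" marker, so anchor the
                        // check to the prefix rather than accepting the marker anywhere.
                        if (!is_string($encryptedPassword) || strncmp($encryptedPassword, '$2y$', 4) !== 0) {
                            throw new PasswordEncryptor_EncryptionFailed('BCrypt password encryption failed.');
                        }

                        return $encryptedPassword;
                    }

                    /**
                     * Verifies a plain-text password against a stored BCrypt hash.
                     *
                     * The comparison is delegated to password_verify(), which reads the salt and
                     * cost from the hash itself and is documented as safe against timing attacks.
                     *
                     * @param string $hash stored hash to verify against
                     * @param string $password plain-text password supplied by the user
                     * @param null $salt ignored, the salt is part of $hash
                     * @param null $member ignored
                     * @return bool true only when the password matches the hash
                     */
                    public function check($hash, $password, $salt = null, $member = null)
                    {
                        // A missing or non-string stored hash can never match: fail closed
                        // instead of handing it to password_verify().
                        if (!is_string($hash) || $hash === '') {
                            return false;
                        }

                        return password_verify($password, $hash);
                    }
                }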
            
                                                        
            
                                    
            
            
                | 78 |  |  |  |