1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Charcoal\Property; |
4
|
|
|
|
5
|
|
|
// From 'charcoal-property' |
6
|
|
|
use Charcoal\Property\StringProperty; |
7
|
|
|
|
8
|
|
|
/** |
9
|
|
|
* Password Property |
10
|
|
|
* |
11
|
|
|
* The password property is a specialized string property meant to store encrypted passwords. |
12
|
|
|
*/ |
13
|
|
|
class PasswordProperty extends StringProperty |
14
|
|
|
{ |
15
|
|
|
/** |
16
|
|
|
* @return string |
17
|
|
|
*/ |
18
|
|
|
public function type() |
19
|
|
|
{ |
20
|
|
|
return 'password'; |
21
|
|
|
} |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* Overrides the StringProperty::save() method to ensure the value is encrypted. |
25
|
|
|
* |
26
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value will be rehashed. |
27
|
|
|
* |
28
|
|
|
* @todo Implement proper hashing/rehashing/validation. |
29
|
|
|
* @param mixed $val The value, at time of saving. |
30
|
|
|
* @return string |
31
|
|
|
*/ |
32
|
|
|
public function save($val) |
33
|
|
|
{ |
34
|
|
|
if ($val === null || $val === '') { |
35
|
|
|
return $val; |
36
|
|
|
} |
37
|
|
|
|
38
|
|
|
if (!$this->isHashed($val)) { |
39
|
|
|
$val = password_hash($val, PASSWORD_DEFAULT); |
40
|
|
|
} |
41
|
|
|
|
42
|
|
|
return $val; |
43
|
|
|
} |
44
|
|
|
|
45
|
|
|
/** |
46
|
|
|
* Retrieve the maximum number of characters allowed. |
47
|
|
|
* |
48
|
|
|
* @return integer |
49
|
|
|
*/ |
50
|
|
|
public function getMaxLength() |
51
|
|
|
{ |
52
|
|
|
if (PASSWORD_DEFAULT === PASSWORD_BCRYPT) { |
53
|
|
|
/** @link https://www.php.net/manual/en/function.password-hash.php */ |
54
|
|
|
return 72; |
55
|
|
|
} |
56
|
|
|
|
57
|
|
|
return parent::getMaxLength(); |
58
|
|
|
} |
59
|
|
|
|
60
|
|
|
/** |
61
|
|
|
* Determine if the given value is hashed. |
62
|
|
|
* |
63
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value is assumed to be plain-text (not hashed). |
64
|
|
|
* |
65
|
|
|
* @param string $hash The value to test. |
66
|
|
|
* @return boolean |
67
|
|
|
*/ |
68
|
|
|
public function isHashed($hash) |
69
|
|
|
{ |
70
|
|
|
$info = password_get_info($hash); |
71
|
|
|
return !($info['algo'] === 0); |
72
|
|
|
} |
73
|
|
|
|
74
|
|
|
/** |
75
|
|
|
* Validates password and rehashes if necessary. |
76
|
|
|
* |
77
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value is assumed to be plain-text (not hashed). |
78
|
|
|
* |
79
|
|
|
* @param string $password A plain-text password. |
80
|
|
|
* @param string $hash A hash created by {@see password_hash()}. |
81
|
|
|
* @return string|boolean |
82
|
|
|
*/ |
83
|
|
|
public function isValid($password, $hash) |
84
|
|
|
{ |
85
|
|
|
if (password_verify($password, $hash) === false) { |
86
|
|
|
return false; |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
if (password_needs_rehash($hash, PASSWORD_DEFAULT)) { |
90
|
|
|
return password_hash($password, PASSWORD_DEFAULT); |
91
|
|
|
} |
92
|
|
|
|
93
|
|
|
return $hash; |
94
|
|
|
} |
95
|
|
|
} |
96
|
|
|
|