|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Charcoal\Property; |
|
4
|
|
|
|
|
5
|
|
|
// From 'charcoal-property' |
|
6
|
|
|
use Charcoal\Property\StringProperty; |
|
7
|
|
|
|
|
8
|
|
|
/** |
|
9
|
|
|
* Password Property |
|
10
|
|
|
* |
|
11
|
|
|
* The password property is a specialized string property meant to store encrypted passwords. |
|
12
|
|
|
*/ |
|
13
|
|
|
class PasswordProperty extends StringProperty |
|
14
|
|
|
{ |
|
15
|
|
|
/** |
|
16
|
|
|
* @return string |
|
17
|
|
|
*/ |
|
18
|
|
|
public function type() |
|
19
|
|
|
{ |
|
20
|
|
|
return 'password'; |
|
21
|
|
|
} |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Overrides the StringProperty::save() method to ensure the value is encrypted. |
|
25
|
|
|
* |
|
26
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value will be rehashed. |
|
27
|
|
|
* |
|
28
|
|
|
* @todo Implement proper hashing/rehashing/validation. |
|
29
|
|
|
* @param mixed $val The value, at time of saving. |
|
30
|
|
|
* @return string |
|
31
|
|
|
*/ |
|
32
|
|
|
public function save($val) |
|
33
|
|
|
{ |
|
34
|
|
|
if ($val === null || $val === '') { |
|
35
|
|
|
return $val; |
|
36
|
|
|
} |
|
37
|
|
|
|
|
38
|
|
|
if (!$this->isHashed($val)) { |
|
39
|
|
|
$val = password_hash($val, PASSWORD_DEFAULT); |
|
40
|
|
|
} |
|
41
|
|
|
|
|
42
|
|
|
return $val; |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
|
/** |
|
46
|
|
|
* Retrieve the maximum number of characters allowed. |
|
47
|
|
|
* |
|
48
|
|
|
* @return integer |
|
49
|
|
|
*/ |
|
50
|
|
|
public function getMaxLength() |
|
51
|
|
|
{ |
|
52
|
|
|
if (PASSWORD_DEFAULT === PASSWORD_BCRYPT) { |
|
53
|
|
|
/** @link https://www.php.net/manual/en/function.password-hash.php */ |
|
54
|
|
|
return 72; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
return parent::getMaxLength(); |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* Determine if the given value is hashed. |
|
62
|
|
|
* |
|
63
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value is assumed to be plain-text (not hashed). |
|
64
|
|
|
* |
|
65
|
|
|
* @param string $hash The value to test. |
|
66
|
|
|
* @return boolean |
|
67
|
|
|
*/ |
|
68
|
|
|
public function isHashed($hash) |
|
69
|
|
|
{ |
|
70
|
|
|
$info = password_get_info($hash); |
|
71
|
|
|
return !($info['algo'] === 0); |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* Validates password and rehashes if necessary. |
|
76
|
|
|
* |
|
77
|
|
|
* If the hash is corruped or the algorithm is not recognized, the value is assumed to be plain-text (not hashed). |
|
78
|
|
|
* |
|
79
|
|
|
* @param string $password A plain-text password. |
|
80
|
|
|
* @param string $hash A hash created by {@see password_hash()}. |
|
81
|
|
|
* @return string|boolean |
|
82
|
|
|
*/ |
|
83
|
|
|
public function isValid($password, $hash) |
|
84
|
|
|
{ |
|
85
|
|
|
if (password_verify($password, $hash) === false) { |
|
86
|
|
|
return false; |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
|
|
if (password_needs_rehash($hash, PASSWORD_DEFAULT)) { |
|
90
|
|
|
return password_hash($password, PASSWORD_DEFAULT); |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
return $hash; |
|
94
|
|
|
} |
|
95
|
|
|
} |
|
96
|
|
|
|
locomotivemtl /
charcoal-property
