StringHash::hash() - Code Metrics - Inspection of "dd tests for Models, major change in some classes..." - tnhfw/tnh-fw - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Push — 1.0.0-dev ( 76319a...aa9039 )

by nguereza

created 2020-03-14 17:35 UTC

StringHash::hash() A

↳ Parent: StringHash

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	1
eloc	3
nc	1
nop	1
dl	0
loc	4
rs	10
c	1
b	0
f	0

<?php 
    defined('ROOT_PATH') || exit('Access denied');
    /**
     * TNH Framework
     *
     * A simple PHP framework using HMVC architecture
     *
     * This content is released under the MIT License (MIT)
     *
     * Copyright (c) 2017 TNH Framework
     *
     * Permission is hereby granted, free of charge, to any person obtaining a copy
     * of this software and associated documentation files (the "Software"), to deal
     * in the Software without restriction, including without limitation the rights
     * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
     * copies of the Software, and to permit persons to whom the Software is
     * furnished to do so, subject to the following conditions:
     *
     * The above copyright notice and this permission notice shall be included in all
     * copies or substantial portions of the Software.
     *
     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
     * SOFTWARE.
     */

    class StringHash {
		 
        /**
         * Using blowfish method
         * CRYPT_BLOWFISH = 1
         * Recommended algo since PHP 5.3.7 is "$2y$"
         * Before PHP 5.3.7 can use "$2a$" but this have some security issue
         * @see  http://www.php.net/security/crypt_blowfish.php 
         * @var string
         */
        private static $algo = '$2y$';
		
        /**
         * Cost parameter value
         * For CRYPT_BLOWFISH possible value are: "04", "05", "06", "07", "08", "09", "10", etc. until 
         * "30", "31"
         * 
         * @var string
         */
        private static $cost = '10';

        /**
         * Hash the given string
         * @param  string $value the plain string text to be hashed
         * 
         * @return string           the hashed string
         */
        public function hash($value) {
            return crypt($value, self::$algo .
                    self::$cost .
                    '$' . $this->getUniqueSalt());
        }

        /**
         * Check if the hash and plain string is valid
         * @param  string $hash     the hashed string
         * @param  string $plain the plain text
         * 
         * @return boolean  true if is valid or false if not
         */
        public function check($hash, $plain) {
            $fullSalt = substr($hash, 0, 29);
            $newHash = crypt($plain, $fullSalt);
            return $hash === $newHash;
        }	

        /**
         * Get the unique salt for the string hash
         * Note: extension openssl need to be available for this to work
         * 
         * @return string the unique generated salt
         */
        private function getUniqueSalt() {
            /* To generate the salt, first generate enough random bytes. Because
             * base64 returns one character for each 6 bits, so we should generate
             * at least 22*6/8 = 16.5 bytes, so we generate 17 bytes. Then we get the first
             * 22 base64 characters
             */

            /* As blowfish takes a salt with the alphabet ./A-Za-z0-9 we have to
             * replace any '+', '=' in the base64 string with '..'.
             */
            $random = base64_encode(openssl_random_pseudo_bytes(17));
            //take only the first 22 caracters
            $random = substr($random, 0, 22);

            //replace +,= by .
            return strtr($random, '+=', '..');
        }
    }


1			<?php
2			defined('ROOT_PATH') \|\| exit('Access denied');
3			/**
4			* TNH Framework
5			*
6			* A simple PHP framework using HMVC architecture
7			*
8			* This content is released under the MIT License (MIT)
9			*
10			* Copyright (c) 2017 TNH Framework
11			*
12			* Permission is hereby granted, free of charge, to any person obtaining a copy
13			* of this software and associated documentation files (the "Software"), to deal
14			* in the Software without restriction, including without limitation the rights
15			* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
16			* copies of the Software, and to permit persons to whom the Software is
17			* furnished to do so, subject to the following conditions:
18			*
19			* The above copyright notice and this permission notice shall be included in all
20			* copies or substantial portions of the Software.
21			*
22			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23			* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24			* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25			* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26			* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
27			* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
28			* SOFTWARE.
29			*/
30
31			class StringHash {
32
33			/**
34			* Using blowfish method
35			* CRYPT_BLOWFISH = 1
36			* Recommended algo since PHP 5.3.7 is "$2y$"
37			* Before PHP 5.3.7 can use "$2a$" but this have some security issue
38			* @see http://www.php.net/security/crypt_blowfish.php
39			* @var string
40			*/
41			private static $algo = '$2y$';
42
43			/**
44			* Cost parameter value
45			* For CRYPT_BLOWFISH possible value are: "04", "05", "06", "07", "08", "09", "10", etc. until
46			* "30", "31"
47			*
48			* @var string
49			*/
50			private static $cost = '10';
51
52			/**
53			* Hash the given string
54			* @param string $value the plain string text to be hashed
55			*
56			* @return string the hashed string
57			*/
58			public function hash($value) {
59			return crypt($value, self::$algo .
60			self::$cost .
61			'$' . $this->getUniqueSalt());
62			}
63
64			/**
65			* Check if the hash and plain string is valid
66			* @param string $hash the hashed string
67			* @param string $plain the plain text
68			*
69			* @return boolean true if is valid or false if not
70			*/
71			public function check($hash, $plain) {
72			$fullSalt = substr($hash, 0, 29);
73			$newHash = crypt($plain, $fullSalt);
74			return $hash === $newHash;
75			}
76
77			/**
78			* Get the unique salt for the string hash
79			* Note: extension openssl need to be available for this to work
80			*
81			* @return string the unique generated salt
82			*/
83			private function getUniqueSalt() {
84			/* To generate the salt, first generate enough random bytes. Because
85			* base64 returns one character for each 6 bits, so we should generate
86			* at least 22*6/8 = 16.5 bytes, so we generate 17 bytes. Then we get the first
87			* 22 base64 characters
88			*/
89
90			/* As blowfish takes a salt with the alphabet ./A-Za-z0-9 we have to
91			* replace any '+', '=' in the base64 string with '..'.
92			*/
93			$random = base64_encode(openssl_random_pseudo_bytes(17));
94			//take only the first 22 caracters
95			$random = substr($random, 0, 22);
96
97			//replace +,= by .
98			return strtr($random, '+=', '..');
99			}
100			}
101

tnhfw / tnh-fw

Push — 1.0.0-dev ( 76319a...aa9039 )

StringHash::hash() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like