/**
  * Check if the given password is the same as the one stored in this record.
  * See {@link Member->checkPassword()}.
  *
  * @param String $password Cleartext password
  * @return Boolean
  */
 public function checkPassword($password)
 {
     // Use the encryptor for the algorithm recorded on this record, so the
     // candidate is verified with the same scheme that produced the stored value.
     $algorithm = $this->PasswordEncryption;
     $encryptor = PasswordEncryptor::create_for_algorithm($algorithm);

     $storedHash = $this->Password;
     $storedSalt = $this->Salt;

     // The comparison is delegated entirely to the encryptor's check(); this
     // method adds no comparison logic of its own.
     return $encryptor->check($storedHash, $password, $storedSalt, $this->Member());
 }
 /**
  * Utility for generating secure password hashes for this member.
  *
  * @param string $string
  * @return string|null Null for a falsy $string; the input unchanged when no PasswordEncryption is set
  * @throws PasswordEncryptor_NotFoundException
  */
 public function encryptWithUserSettings($string)
 {
     // Nothing to hash for a falsy input.
     // NOTE(review): PHP treats the string '0' as falsy too, so that value
     // also yields null here - confirm callers never pass it.
     if (!$string) {
         return null;
     }

     $algorithm = $this->PasswordEncryption;

     // No algorithm recorded: this is a legacy account whose password is
     // stored unhashed, so the input is handed back exactly as received.
     // Callers must not assume the return value is always a hash.
     if (!$algorithm) {
         return $string;
     }

     // From here on an algorithm is set; the salt is assumed to be present too.
     return PasswordEncryptor::create_for_algorithm($algorithm)->encrypt($string, $this->Salt);
 }
 /**
  * Encrypt a password according to the current password encryption settings.
  * If the settings say that passwords shouldn't be encrypted, the
  * result is simply the clear text password with an empty salt, except when
  * a custom algorithm ($algorithm parameter) was passed.
  *
  * @param string $password The password to encrypt
  * @param string $salt Optional: The salt to use. If it is not passed, but
  *  needed, the method will automatically create a
  *  random salt that will then be returned as return value.
  * @param string $algorithm Optional: Use another algorithm to encrypt the
  *  password (so that the encryption algorithm can be changed over the time).
  * @param Member $member Optional
  * @return mixed Returns an associative array containing the encrypted
  *  password and the used salt in the form:
  * <code>
  * 	array(
  * 	'password' => string,
  * 	'salt' => string,
  * 	'algorithm' => string,
  * 	'encryptor' => PasswordEncryptor instance
  * 	)
  * </code>
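  * If the passed algorithm is invalid, FALSE will be returned.
  * NOTE(review): the method body has no FALSE return path; an unknown
  * algorithm is presumably reported by PasswordEncryptor::create_for_algorithm()
  * instead - confirm before relying on a FALSE check.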
  *
  * @see encrypt_passwords()
  */
 public static function encrypt_password($password, $salt = null, $algorithm = null, $member = null)
 {
     // Without an explicit algorithm, use the configured default.
     $algorithm = $algorithm ?: self::config()->password_encryption_algorithm;

     // NOTE(review): nothing in this body returns FALSE; how an unknown
     // algorithm is signalled depends on create_for_algorithm() - confirm.
     $encryptor = PasswordEncryptor::create_for_algorithm($algorithm);

     // A salt supplied by the caller is reused (re-hashing against an existing
     // record); otherwise the encryptor generates one. Any falsy salt, such as
     // '' or '0', counts as "not supplied".
     if (!$salt) {
         $salt = $encryptor->salt($password);
     }

     $hash = $encryptor->encrypt($password, $salt, $member);

     // The salt and algorithm are returned with the hash so the caller can
     // store everything needed to verify the password later.
     return [
         'password' => $hash,
         'salt' => $salt,
         'algorithm' => $algorithm,
         'encryptor' => $encryptor,
     ];
 }
 /**
  * See http://open.silverstripe.org/ticket/3004
  *
  * Handy command for reproducing via CLI on different architectures:
  * 	php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
  */
 public function testEncryptorLegacyPHPHashCheck()
 {
     // Register a test-only algorithm name that maps to the legacy SHA-1 encryptor.
     $encryptorConfig = [
         'test_sha1legacy' => [
             'SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1',
         ],
     ];
     Config::inst()->update('SilverStripe\\Security\\PasswordEncryptor', 'encryptors', $encryptorConfig);

     $encryptor = PasswordEncryptor::create_for_algorithm('test_sha1legacy');

     // Precomputed hashes of 'mypassword' from two architectures. They share a
     // prefix and then diverge; both must be accepted by the legacy check.
     // NOTE(review): presumably the divergence comes from base_convert() losing
     // precision on the 160-bit SHA-1 value - confirm against the linked ticket.
     $acceptedHashes = [
         'h1fj0a6m4o6k0sosks88oo08ko4gc4s', // AMD
         'h1fj0a6m4o0g04ocg00o4kwoc4wowws', // Intel
     ];
     foreach ($acceptedHashes as $legacyHash) {
         $this->assertTrue($encryptor->check($legacyHash, "mypassword"));
     }

     // A hash that only shares the leading characters must still be rejected.
     $mismatchedHash = 'h1fjxxxxxxxxxxxxxxxxxxxxxxxxxxx';
     $this->assertFalse($encryptor->check($mismatchedHash, "mypassword"));
 }