/**
 * Builds the value used to sign the guest cookie.
 *
 * The session id is concatenated with <code>config.crypto.secret</code>,
 * hashed with the algorithm named by
 * <code>session.encrypt_guest_cookie.hash</code>, and base64-encoded.
 *
 * Behavior AfterGetGuestHash is defined. It is triggered after the hash
 * has been computed and is handed an array holding a reference to $sid,
 * so the value returned from this call is already fixed at that point.
 *
 * NOTE(review): the construction is hash(sid . secret), not an HMAC.
 * CryptoProvider is not visible here; if hash() is a plain digest, a keyed
 * MAC (hash_hmac) would be the sturdier choice, at the cost of invalidating
 * guest cookies already issued. The code that verifies the cookie is not
 * shown either; confirm it compares signatures with hash_equals().
 *
 * @param string $sid session id the signature is bound to
 * @return string base64-encoded hash
 */
private function getGuestHash($sid)
{
    $crypto = new CryptoProvider();
    $settings = Config::getInstance();

    // Secret is appended to the session id before hashing.
    $material = $sid . $settings->crypto->secret;
    $algorithm = $settings->session->encrypt_guest_cookie->hash;
    $signature = base64_encode($crypto->hash($material, $algorithm));

    // Fired only after $signature is final.
    $this->trigger("AfterGetGuestHash", array(&$sid));

    return $signature;
}
/**
 * Performs hashing of the password.
 *
 * The per-user salt is mandatory. If the user has no salt yet (getSalt()
 * returns a falsy value), a new one is taken from self::generateSalt().
 * The salt in use is then written back with setSalt(); this method does not
 * persist the user itself.
 *
 * The server-side salt is optional and is appended only if the config
 * parameter <code>user.server_salt.use</code> is set.
 *
 * The string that gets hashed is: password . user salt . server salt.
 *
 * Hashing method is defined by the <code>user.password.hash</code> config
 * parameter. It may be a specific method or the default used for all
 * hashing (user.password.hash=":default").
 *
 * NOTE(review): CryptoProvider and generateSalt() are not visible here.
 * Confirm that the configured method is a slow password hash (bcrypt or
 * Argon2, e.g. via password_hash) rather than a fast general-purpose
 * digest, and that generateSalt() draws from a CSPRNG (random_bytes).
 *
 * NOTE(review): the emptiness test uses empty(), so the password "0" is
 * rejected as empty as well.
 *
 * @param User $user instance of the user whose salt is taken (and set)
 * @param string $unhashed_password unhashed password to be hashed
 * @return string hashed password
 * @see CryptoProvider
 * @throws UserException if the password is empty
 */
static function hashPassword($user, $unhashed_password)
{
    $config = Config::getInstance();

    if (empty($unhashed_password)) {
        throw new UserException("Password could not be empty");
    }

    $crypto = new CryptoProvider();

    // Reuse the stored salt when there is one, otherwise mint a new one.
    if ($user->getSalt()) {
        $salt = $user->getSalt();
    } else {
        $salt = self::generateSalt();
    }
    $user->setSalt($salt);

    // Optional server-wide salt, mixed in only when enabled in config.
    $server_salt = "";
    if ($config->user->server_salt->use) {
        $server_salt = $config->user->server_salt->salt;
    }

    $material = $unhashed_password . $salt . $server_salt;
    $method = Config::getInstance()->user->password->hash;

    return $crypto->hash($material, $method);
}