/**
* Load the configuration of authentification, stored in the auth plugin config
* @return array
* @since 1.2.10
*/
public static function loadConfig($newconfig = null)
{
if (self::$config === null || $newconfig) {
if (!$newconfig) {
$plugin = jApp::coord()->getPlugin('auth');
if ($plugin === null) {
throw new jException('jelix~auth.error.plugin.missing');
}
$config =& $plugin->config;
} else {
$config = $newconfig;
}
if (!isset($config['session_name']) || $config['session_name'] == '') {
$config['session_name'] = 'JELIX_USER';
}
if (!isset($config['persistant_cookie_path']) || $config['persistant_cookie_path'] == '') {
if (jApp::config()) {
$config['persistant_cookie_path'] = jApp::urlBasePath();
} else {
$config['persistant_cookie_path'] = '/';
}
}
// Read hash method configuration. If not empty, cryptPassword will use
// the new API of PHP 5.5 (password_verify and so on...)
$password_hash_method = isset($config['password_hash_method']) ? $config['password_hash_method'] : 0;
if ($password_hash_method === '' || !is_numeric($password_hash_method)) {
$password_hash_method = 0;
} else {
$password_hash_method = intval($password_hash_method);
}
if ($password_hash_method > 0) {
require_once __DIR__ . '/password.php';
if (!can_use_password_API()) {
$password_hash_method = 0;
}
} else {
require_once __DIR__ . '/hash_equals.php';
}
$password_hash_options = isset($config['password_hash_options']) ? $config['password_hash_options'] : '';
if ($password_hash_options != '') {
$list = '{"' . str_replace(array('=', ';'), array('":"', '","'), $config['password_hash_options']) . '"}';
$json = new jJson(SERVICES_JSON_LOOSE_TYPE);
$password_hash_options = @$json->decode($list);
if (!$password_hash_options) {
$password_hash_options = array();
}
} else {
$password_hash_options = array();
}
$config['password_hash_method'] = $password_hash_method;
$config['password_hash_options'] = $password_hash_options;
$config[$config['driver']]['password_hash_method'] = $password_hash_method;
$config[$config['driver']]['password_hash_options'] = $password_hash_options;
self::$config = $config;
}
return self::$config;
}
if (preg_match('/squeeze(\\d+)$/', PHP_VERSION, $m)) {
if (intval($m[1]) >= 4) {
if (!defined('_PASSWORD_CRYPT_HASH_FORMAT')) {
define('_PASSWORD_CRYPT_HASH_FORMAT', '$2a$%02d$');
}
if (!defined('_PASSWORD_CRYPT_PROLOG')) {
define('_PASSWORD_CRYPT_PROLOG', '$2a$');
}
return true;
}
}
//FIXME crypt() in PHP 5.3.3 is fixed also on other distro like RedHat.
// however I don't know if it supports 2y, and how does PHP_VERSION look like
return false;
}
if (!can_use_password_API()) {
trigger_error("The Password Compatibility Library requires PHP >= 5.3.7 or PHP >= 5.3.3-7+squeeze4 on debian", E_USER_WARNING);
// Prevent defining the functions
return;
}
if (!defined('PASSWORD_BCRYPT')) {
define('PASSWORD_BCRYPT', 1);
define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
/**
* Hash the password using the specified algorithm
*
* @param string $password The password to hash
* @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
* @param array $options The options for the algorithm to use
*
* @returns string|false The hashed password, or false on error.