private static function runHash($para, $rehash = false) { if (empty($para)) { return false; } $option = []; if (!empty(self::$_salt)) { $option['salt'] = self::$_salt; } if (!empty(self::$_cost)) { $option['cost'] = self::$_cost; } if (!empty($option)) { if ($rehash) { return password_needs_rehash($para, self::$_algo, $option); } else { return password_hash($para, self::$_algo, $option); } } else { if ($rehash) { return password_needs_rehash($para, self::$_algo); } else { return password_hash($para, self::$_algo); } } }
/** * Logs a user in. * * @param string $username username * @param string $password password * @param boolean $remember enable autologin * @return boolean */ protected function _login($user, $password, $remember) { $user = $this->_load_user($user); if (!$user) { return false; } if (!$user->roles->has('login')) { return false; } $hash = $this->password($user); // If the passwords match, perform a login if (!password_verify($password, $hash)) { return false; } if (!$this->_config['hash_algorithm']) { throw new Kohana_Exception('A valid hash algorithm must be set in your auth config.'); } $hash_options = Arr::get($this->_config, 'hash_options', array()); // If options changed rehash password and update in database if (password_needs_rehash($hash, $this->_config['hash_algorithm'], $hash_options)) { $user->password = password_hash($password, $algorithm, $options); } if ($remember === TRUE) { $this->remember($user); } // Finish the login $this->complete_login($user); return true; }
public function Authenticate(array $params) { if (!isset($params['username']) || !isset($params['password']) || empty($params['db'])) { throw new Exception('DatabaseAuthenticator expects a connection, a username and a password'); } $this->db = $params['db']; $query = 'SELECT u.username, u.password FROM users u LEFT JOIN user_company_access uca ON (u.username=uca.username) LEFT JOIN system_companies sc ON (uca.usercompanyid=sc.id) WHERE sc.enabled AND uca.enabled AND u.username=?'; $query_params = array($params['username']); $test = $this->db->GetAssoc($query, $query_params); if ($test !== false && !is_null($test)) { // try against default hash if (password_verify($params['password'], $test[$params['username']])) { if (password_needs_rehash($test[$params['username']], PASSWORD_DEFAULT)) { $this->update_hash($params['password'], $params['username']); } return TRUE; } // try against hashed md5 if (password_verify(md5($params['password']), $test[$params['username']])) { // update hash $this->update_hash($params['password'], $params['username']); return TRUE; } } return FALSE; }
function session($user, $pass) { $user_file = 'config/users/' . $user . '.ini'; if (!file_exists($user_file)) { return $str = '<li>Username not found in our record.</li>'; } $user_enc = user('encryption', $user); $user_pass = user('password', $user); $user_role = user('role', $user); if ($user_enc == "password_hash") { if (password_verify($pass, $user_pass)) { if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) { update_user($user, $pass, $user_role); } $_SESSION[config("site.url")]['user'] = $user; header('location: admin'); } else { return $str = '<li>Your username and password mismatch.</li>'; } } else { if (old_password_verify($pass, $user_enc, $user_pass)) { update_user($user, $pass, $user_role); $_SESSION[config("site.url")]['user'] = $user; header('location: admin'); } else { return $str = '<li>Your username and password mismatch.</li>'; } } }
/** * Checks if the given hash matches the given options * * @param string $sPwd * @param string $sHash * * @return mixed (string | boolean) Returns the new password if the password needs to be rehash, otherwise FALSE */ public static function pwdNeedsRehash($sPwd, $sHash) { if (password_needs_rehash($sHash, self::PWD_ALGORITHM, self::$_aPwdOptions)) { return self::hashPwd($sPwd); } return false; }
public function needsRehash($hash = null) { if (is_null($hash)) { $hash = $this->value; } return password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => 10]); }
public function checkPassword($password) { /* * If there is no password hashing mechanism, we should abort ASAP. Since * nothing the application could do then would make any sense. */ if (!function_exists('password_hash')) { throw new PrivateException('Password hashing algorithm is missing. Please check your PHP version', 1602270012); } /* * If the password doesn't match, then we need to tell the user that whatever * he wrote into the form was not acceptable. */ if (!password_verify($password, $this->password)) { return false; } /* * Getting here means the password was correct, we can now ensure that it's * up to speed with the latest encryption and rehash it in case it's needed. */ if (password_needs_rehash($this->password, PASSWORD_DEFAULT)) { $this->password = password_hash($password, PASSWORD_DEFAULT); $this->store(); } return true; }
public function userLoad($login, $password, $uid = -1) { // Load a compatibility wrapper for PHP versions prior to 5.5.0 if (!function_exists("password_hash")) { include "app/inc/password_compat.php"; } $this->prepare("userQuery", "SELECT U.password, U.uid FROM `tbl_users` U where ( U.login = :login OR U.uid = :uid )"); $this->bindValue("userQuery", ":login", $login, \PDO::PARAM_STR); $this->bindValue("userQuery", ":uid", $uid, \PDO::PARAM_INT); $user = $this->execute("userQuery"); if (sizeof($user) == 0) { return FALSE; } else { $user = $user[0]; } if (password_verify($password, $user['password'])) { // Check if the password requires improvement if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { $this->userChangePW($user['uid'], $password); } } elseif ($user['password'] == md5($password)) { $this->userChangePW($user['uid'], $password); } else { return FALSE; } $this->userSession($user['uid']); return $user['uid']; }
public static function rehash($value) { if (password_needs_rehash($value, PASSWORD_BCRYPT)) { return password_hash($value, PASSWORD_BCRYPT); } return $value; }
/** * Hash the answer * * @param string $value Answer to question * @return string Hashed answer */ public function preAnswer($value) { if (password_needs_rehash($value, PASSWORD_DEFAULT) === true) { $value = password_hash($value, PASSWORD_DEFAULT); } return $value; }
function check_admin_login($username, $password) { $query = $this->db->get_where('admin_users', array('username' => $username)); if ($query->num_rows() > 0) { $row = $query->row(); } else { return array(false, 'invalid_credentials'); } if (intval($row->active) !== 1) { return array(false, 'user_revoked'); } if (intval($row->failed_access) >= 5) { return array(false, 'user_locked'); } if (password_verify($password, $row->password)) { // Check if a newer hashing algorithm is available or the cost has changed if (password_needs_rehash($row->password, PASSWORD_DEFAULT)) { // If so, create a new hash, and replace the old one $newHash = password_hash($password, PASSWORD_DEFAULT); $this->db->where('username', $username); $this->db->update('admin_users', array('password' => $newHash)); } $this->db->where('username', $username); $this->db->update('admin_users', array('failed_access' => 0)); return array(true, $username); } else { $this->db->where('username', $username); $this->db->update('admin_users', array('failed_access' => $row->failed_access + 1)); return array(false, 'invalid_credentials'); } }
public static function doesItNeedRehashing($hash) { if (!is_string($hash)) { return false; } return password_needs_rehash($hash, PASSWORD_DEFAULT); }
/** * Does this password require rehashing * * @param $hash string * @return boolean **/ function needsRehash($hash) { if (Hashing::isSupported()) { return password_needs_rehash($hash, PASSWORD_BCRYPT); } return false; }
public function needsNewHash() { if (password_needs_rehash($this->password, PASSWORD_DEFAULT)) { return true; } return false; }
public function authenticate($username = null, $password = null) { if (is_null($username) || is_null($password)) { return false; } $db = UniversalConnect::doConnect(); $usernameToCheck = $db->real_escape_string(trim($username)); $passwordToCheck = $db->real_escape_string(trim($password)); $query = "SELECT userkey, password, usertype FROM users WHERE userid=\"{$usernameToCheck}\" LIMIT 1"; $result = $db->query($query) or die($db->error . $query); if ($result->num_rows < 1) { return false; } while ($row = $result->fetch_assoc()) { if (password_verify($passwordToCheck, $row["password"])) { if (password_needs_rehash($row["password"], PASSWORD_DEFAULT)) { $newHash = password_hash($passwordToCheck, PASSWORD_DEFAULT); $query = "UPDATE users SET password=\"{$newHash}\" WHERE userkey=" . $row["userkey"]; $db->query($query); } return true; } else { return false; } } }
public function upgrade($password, $hash) { if (password_needs_rehash($hash, $this->algo, $this->options)) { return $this->hash($password); } return false; }
function passwordExists($dbConn, $username, $password) { $isValid = false; $dbQuery = "SELECT Password FROM USERS WHERE Username = '******' LIMIT 1"; FB::info('passwordExists() query: ' . $dbQuery); $dbRows = mysqli_query($dbConn, $dbQuery); $dbValues = mysqli_fetch_assoc($dbRows); $dbPassword = $dbValues['Password']; if (password_verify($password, $dbPassword)) { $isValid = true; FB::log('Password is valid!'); // Check if the password needs a rehash. if (password_needs_rehash($dbPassword, PASSWORD_DEFAULT)) { FB::log('Rehashing password!'); $dbPassword = password_hash($password, PASSWORD_DEFAULT); $dbQuery = "UPDATE USERS SET Password = '******' WHERE Username = '******'"; FB::info('Password rehash query: ' . $dbQuery); $dbRows = mysqli_query($dbConn, $dbQuery); if ($dbRows) { FB::log('Password rehash successful!'); } else { FB::error('Password rehash failed: ' . mysqli_error($dbConn)); } } } return $isValid; }
/** * Checks if the given hash matches the given options * * @param string $hash Hash for check * * @return bool Return the hashed password */ public function needsRehash(string $hash) : bool { if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->options)) { return true; } return false; }
public function recalculateHashIfNecessary($password, PasswordHashOptions $wantedOptions, $currentHash) { $result = $currentHash; if (password_needs_rehash($currentHash, PASSWORD_DEFAULT, $wantedOptions->toArray())) { $result = $this->calculateHash($password, $wantedOptions); } return $result; }
public function needRehash() { if (password_needs_rehash($this->hash, PASSWORD_DEFAULT, $this->options)) { return TRUE; } else { return FALSE; } }
/** * {@inheritdoc} */ public function needsRehash($hash, $hashed_with) { if ($hashed_with === self::HASHED_WITH_PHP) { return password_needs_rehash($hash, PASSWORD_DEFAULT); } else { return true; } }
public function password_hashing() { echo '<a href="http://www.codeigniter.com/user_guide/general/compatibility_functions.html">read</a>'; $hash = 'password_hash'; echo password_hash($hash, PASSWORD_DEFAULT); echo password_get_info($hash); echo password_needs_rehash($hash, PASSWORD_DEFAULT); echo password_verify('password_hash', $hash); }
/** * @param mixed $val The value, at time of saving. * @return string */ public function save($val) { $password = $val; // Assuming the password_needs_rehash is set to true is the hash given isn't a hash if (password_needs_rehash($password, PASSWORD_DEFAULT)) { $val = password_hash($password, PASSWORD_DEFAULT); } return $val; }
/** * Verifies that a password matches a hash. * * @param string $password Plaintext password. * @param string $hash Hash to verify against. * * @return int Returns 0 if the check fails, 1 if password matches, 2 if hash needs to be updated. */ public static function verify($password, $hash) { // Fail if hash doesn't match if (!$password || !$hash || !password_verify($password, $hash)) { return 0; } // Otherwise check if hash needs an update. return password_needs_rehash($hash, PASSWORD_DEFAULT) ? 2 : 1; }
public function save() { $password = $this->getValue('password'); if (password_needs_rehash($password, PASSWORD_DEFAULT)) { $password = password_hash($password, PASSWORD_DEFAULT); } $this->setValue('password', $password); parent::save(); }
/** * @return bool */ public function needsRehash() { $hash = $this->getHash(); if ($this->functionExists('password_needs_rehash')) { $result = password_needs_rehash($hash, PASSWORD_DEFAULT); } else { $result = $this->getCompat()->needsRehash($hash); } return $result; }
private function verifyPassword(User $user, string $password) { if (!password_verify($password, $user->getPassword())) { throw LoginFailedException::invalidCredentials(); } if (password_needs_rehash($user->getPassword(), $this->algorithm, $this->passwordOptions)) { $user->setPassword(password_hash($password, $this->algorithm, $this->passwordOptions)); $this->userRepository->update($user); } }
/** * * @param string $plainPassword * @param string $hash * @return boolean */ public function verify($plainPassword, $hash) { if (password_verify($plainPassword, $hash)) { if (password_needs_rehash($hash, $this->algo, $this->options)) { $plainPassword = password_hash($plainPassword, $this->algo, $this->options); } return true; } return false; }
/** * Update a hash, if needed. * * @param string $pass String to create hash from. * @param string $hash Hash to check. * * @return string */ public function update($pass, $hash = null) { if (!$hash) { $hash = $this->hash; } if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->opts)) { $this->hash = $this->create($pass, PASSWORD_DEFAULT, $this->opts); } return $this->hash; }
/** * @param string $hash * @return bool */ public function needsRehash($hash) { $clear = Helpers::getHash($hash); $signatureLength = $this->getSignatureLength(); $ivLength = $this->getIvLength(); if (!$this->verifySignature(Helpers::substr($clear, 0, $signatureLength), Helpers::substr($clear, $signatureLength))) { throw new \Ark8\Passwords\Exceptions\SignatureException('Signature does not match.'); } return password_needs_rehash($this->decrypt(Helpers::substr($clear, $signatureLength, $ivLength), Helpers::substr($clear, $signatureLength + $ivLength)), PASSWORD_BCRYPT, ['cost' => $this->context->getBcryptCost()]); }