/** * create * * @param string $password * * @return string */ public function create($password) { $salt = $this->salt ?: str_replace('+', '.', base64_encode(CryptHelper::genRandomBytes(64))); switch ($this->type) { case static::MD5: $salt = '$1$' . $salt . '$'; break; case static::SHA256: $cost = CryptHelper::limitInteger($this->cost, 1000); $salt = '$5$rounds=' . $cost . '$' . $salt . '$'; break; case static::SHA512: $cost = CryptHelper::limitInteger($this->cost, 1000); $salt = '$6$rounds=' . $cost . '$' . $salt . '$'; break; default: case static::BLOWFISH: $prefix = version_compare(PHP_VERSION, '5.3.7') >= 0 ? '$2y$' : '$2a$'; $salt = CryptHelper::repeatToLength($salt, 21); $salt = $prefix . CryptHelper::limitInteger($this->cost, 4, 31) . '$' . $salt . '$'; break; } return crypt($password, $salt); }
/** * Generate a random password. * * This is a fork of Joomla JUserHelper::genRandomPassword() * * @param integer $length Length of the password to generate * * @return string Random Password * * @see https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/user/helper.php#L642 * @since 2.0.9 */ public static function genRandomPassword($length = 8) { $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $base = strlen($salt); $password = ''; /* * Start with a cryptographic strength random string, then convert it to * a string with the numeric base of the salt. * Shift the base conversion on each character so the character * distribution is even, and randomize the start shift so it's not * predictable. */ $random = CryptHelper::genRandomBytes($length + 1); $shift = ord($random[0]); for ($i = 1; $i <= $length; ++$i) { $password .= $salt[($shift + ord($random[$i])) % $base]; $shift += ord($random[$i]); } return $password; }