예제 #1
0
 /**
  * Given a string return it's hash and the internal integer hashing algorithm code used to hash that string.
  *
  * Note that this can be used for more than just user login passwords. If a user-readale password-like code is needed,
  * then this method may be suitable.
  *
  * @param string $unhashedPassword An unhashed password, as might be entered by a user or generated by the system, that meets
  *                                  all of the constraints of a valid password for a user account.
  * @param int $hashMethodCode An internal code identifying one of the valid user password hashing methods; optional, leave this
  *                                  unset (null) when creating a new password for a user to get the currently configured system
  *                                  hashing method, otherwise to hash a password for comparison, specify the method used to hash
  *                                  the original password.
  *
  * @return array|bool An array containing two elements: 'hash' containing the hashed password, and 'hashMethodCode' containing the
  *                      internal integer hashing algorithm code used to hash the password; false if the password does not meet the
  *                      constraints of a valid password, or if the hashing method (stored in the Users module 'hash_method' var) is
  *                      not valid.
  */
 public static function getHashedPassword($unhashedPassword, $hashMethodCode = null)
 {
     if (isset($hashMethodCode)) {
         if (!is_numeric($hashMethodCode) || (int) $hashMethodCode != $hashMethodCode) {
             return LogUtil::registerArgsError();
         }
         $hashAlgorithmName = self::getPasswordHashMethodName($hashMethodCode);
         if (!$hashAlgorithmName) {
             return LogUtil::registerArgsError();
         }
     } else {
         $hashAlgorithmName = ModUtil::getVar('Users', 'hash_method', '');
         $hashMethodCode = self::getPasswordHashMethodCode($hashAlgorithmName);
         if (!$hashMethodCode) {
             return LogUtil::registerArgsError();
         }
     }
     return SecurityUtil::getSaltedHash($unhashedPassword, $hashAlgorithmName, self::getPasswordHashMethods(false), 5, UsersConstant::SALT_DELIM);
     // FIXME this return is not reached
     return array('hashMethodCode' => $hashMethodCode, 'hash' => hash($hashAlgorithmName, $unhashedPassword));
 }
예제 #2
0
파일: UserUtil.php 프로젝트: rmaiwald/core
 /**
  * Given a string return it's hash and the internal integer hashing algorithm code used to hash that string.
  *
  * Note that this can be used for more than just user login passwords. If a user-readale password-like code is needed,
  * then this method may be suitable.
  *
  * @param string $unhashedPassword An unhashed password, as might be entered by a user or generated by the system, that meets
  *                                  all of the constraints of a valid password for a user account.
  * @param int $hashMethodCode An internal code identifying one of the valid user password hashing methods; optional, leave this
  *                                  unset (null) when creating a new password for a user to get the currently configured system
  *                                  hashing method, otherwise to hash a password for comparison, specify the method used to hash
  *                                  the original password.
  *
  * @return array|bool An array containing two elements: 'hash' containing the hashed password, and 'hashMethodCode' containing the
  *                      internal integer hashing algorithm code used to hash the password; false if the password does not meet the
  *                      constraints of a valid password, or if the hashing method (stored in the Users module 'hash_method' var) is
  *                      not valid.
  */
 public static function getHashedPassword($unhashedPassword, $hashMethodCode = null)
 {
     if (isset($hashMethodCode)) {
         if (!is_numeric($hashMethodCode) || (int) $hashMethodCode != $hashMethodCode) {
             throw new \InvalidArgumentException(__('Invalid arguments array received'));
         }
         $hashAlgorithmName = self::getPasswordHashMethodName($hashMethodCode);
         if (!$hashAlgorithmName) {
             throw new \InvalidArgumentException(__('Invalid arguments array received'));
         }
     } else {
         $hashAlgorithmName = ModUtil::getVar('ZikulaUsersModule', 'hash_method', '');
         $hashMethodCode = self::getPasswordHashMethodCode($hashAlgorithmName);
         if (!$hashMethodCode) {
             throw new \InvalidArgumentException(__('Invalid arguments array received'));
         }
     }
     return SecurityUtil::getSaltedHash($unhashedPassword, $hashAlgorithmName, self::getPasswordHashMethods(false), 5, UsersConstant::SALT_DELIM);
     // FIXME this return is not reached
     return array('hashMethodCode' => $hashMethodCode, 'hash' => hash($hashAlgorithmName, $unhashedPassword));
 }