/**
* Given a string return it's hash and the internal integer hashing algorithm code used to hash that string.
*
* Note that this can be used for more than just user login passwords. If a user-readale password-like code is needed,
* then this method may be suitable.
*
* @param string $unhashedPassword An unhashed password, as might be entered by a user or generated by the system, that meets
* all of the constraints of a valid password for a user account.
* @param int $hashMethodCode An internal code identifying one of the valid user password hashing methods; optional, leave this
* unset (null) when creating a new password for a user to get the currently configured system
* hashing method, otherwise to hash a password for comparison, specify the method used to hash
* the original password.
*
* @return array|bool An array containing two elements: 'hash' containing the hashed password, and 'hashMethodCode' containing the
* internal integer hashing algorithm code used to hash the password; false if the password does not meet the
* constraints of a valid password, or if the hashing method (stored in the Users module 'hash_method' var) is
* not valid.
*/
public static function getHashedPassword($unhashedPassword, $hashMethodCode = null)
{
if (isset($hashMethodCode)) {
if (!is_numeric($hashMethodCode) || (int) $hashMethodCode != $hashMethodCode) {
return LogUtil::registerArgsError();
}
$hashAlgorithmName = self::getPasswordHashMethodName($hashMethodCode);
if (!$hashAlgorithmName) {
return LogUtil::registerArgsError();
}
} else {
$hashAlgorithmName = ModUtil::getVar('Users', 'hash_method', '');
$hashMethodCode = self::getPasswordHashMethodCode($hashAlgorithmName);
if (!$hashMethodCode) {
return LogUtil::registerArgsError();
}
}
return SecurityUtil::getSaltedHash($unhashedPassword, $hashAlgorithmName, self::getPasswordHashMethods(false), 5, UsersConstant::SALT_DELIM);
// FIXME this return is not reached
return array('hashMethodCode' => $hashMethodCode, 'hash' => hash($hashAlgorithmName, $unhashedPassword));
}
/**
* Given a string return it's hash and the internal integer hashing algorithm code used to hash that string.
*
* Note that this can be used for more than just user login passwords. If a user-readale password-like code is needed,
* then this method may be suitable.
*
* @param string $unhashedPassword An unhashed password, as might be entered by a user or generated by the system, that meets
* all of the constraints of a valid password for a user account.
* @param int $hashMethodCode An internal code identifying one of the valid user password hashing methods; optional, leave this
* unset (null) when creating a new password for a user to get the currently configured system
* hashing method, otherwise to hash a password for comparison, specify the method used to hash
* the original password.
*
* @return array|bool An array containing two elements: 'hash' containing the hashed password, and 'hashMethodCode' containing the
* internal integer hashing algorithm code used to hash the password; false if the password does not meet the
* constraints of a valid password, or if the hashing method (stored in the Users module 'hash_method' var) is
* not valid.
*/
public static function getHashedPassword($unhashedPassword, $hashMethodCode = null)
{
if (isset($hashMethodCode)) {
if (!is_numeric($hashMethodCode) || (int) $hashMethodCode != $hashMethodCode) {
throw new \InvalidArgumentException(__('Invalid arguments array received'));
}
$hashAlgorithmName = self::getPasswordHashMethodName($hashMethodCode);
if (!$hashAlgorithmName) {
throw new \InvalidArgumentException(__('Invalid arguments array received'));
}
} else {
$hashAlgorithmName = ModUtil::getVar('ZikulaUsersModule', 'hash_method', '');
$hashMethodCode = self::getPasswordHashMethodCode($hashAlgorithmName);
if (!$hashMethodCode) {
throw new \InvalidArgumentException(__('Invalid arguments array received'));
}
}
return SecurityUtil::getSaltedHash($unhashedPassword, $hashAlgorithmName, self::getPasswordHashMethods(false), 5, UsersConstant::SALT_DELIM);
// FIXME this return is not reached
return array('hashMethodCode' => $hashMethodCode, 'hash' => hash($hashAlgorithmName, $unhashedPassword));
}
