/**
 * Verify a cleartext password against the hash held by this record.
 *
 * The encryptor is selected from the algorithm name stored on this row
 * ($this->PasswordEncryption), and the stored hash, salt and owning member
 * are handed to it. See {@link Member->checkPassword()}.
 *
 * @param string $password Cleartext password as supplied by the user
 * @return bool Result of the encryptor's check()
 */
public function checkPassword($password)
{
    $encryptor = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);

    // NOTE(review): comparison semantics (e.g. constant-time compare) are the
    // encryptor's responsibility inside check(); nothing is compared here.
    return $encryptor->check(
        $this->Password,
        $password,
        $this->Salt,
        $this->Member()
    );
}
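/**
 * Utility for generating secure password hashes for this member.
 *
 * @param string|null $string Cleartext value to hash
 * @return string|null Hashed value; null when $string is null or the empty
 *                     string; the cleartext itself when this member has no
 *                     PasswordEncryption set (legacy unhashed account)
 * @throws PasswordEncryptor_NotFoundException
 */
public function encryptWithUserSettings($string)
{
    // Explicit null/empty check instead of truthiness: a password of "0" is a
    // valid (if poor) value and must not be silently dropped.
    if ($string === null || $string === '') {
        return null;
    }

    // If the algorithm or salt is not available, it means we are operating
    // on legacy account with unhashed password. Do not hash the string.
    if (!$this->PasswordEncryption) {
        return $string;
    }

    // We assume we have PasswordEncryption and Salt available here.
    $encryptor = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
    return $encryptor->encrypt($string, $this->Salt);
}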
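/**
 * Encrypt a password according to the current password encryption settings.
 * If the settings are so that passwords shouldn't be encrypted, the
 * result is simply the clear text password with an empty salt except when
 * a custom algorithm ($algorithm parameter) was passed.
 *
 * @param string $password The password to encrypt
 * @param string|null $salt Optional: The salt to use. If it is not passed, but
 *                          needed, a random salt is generated and returned
 *                          as part of the result.
 * @param string|null $algorithm Optional: Use another algorithm to encrypt the
 *                          password (so that the encryption algorithm can be
 *                          changed over the time).
 * @param Member|null $member Optional
 * @return array{password: string, salt: string, algorithm: string, encryptor: PasswordEncryptor}
 *         The encrypted password, the salt that was used, the algorithm name
 *         and the encryptor instance.
 * @throws PasswordEncryptor_NotFoundException if the algorithm (passed or
 *         configured default) is not a known encryptor; this method never
 *         returns false.
 *
 * @see encrypt_passwords()
 */
public static function encrypt_password($password, $salt = null, $algorithm = null, $member = null)
{
    // Fall back to the configured default encryption algorithm
    if (!$algorithm) {
        $algorithm = self::config()->password_encryption_algorithm;
    }
    $encryptor = PasswordEncryptor::create_for_algorithm($algorithm);

    // Only generate a salt when the caller supplied none, i.e. the password is
    // hashed for the first time. Re-hashing must reuse the stored salt or the
    // result will never verify. Explicit null/'' check so a salt of "0" is kept.
    if ($salt === null || $salt === '') {
        $salt = $encryptor->salt($password);
    }

    return [
        'password' => $encryptor->encrypt($password, $salt, $member),
        'salt' => $salt,
        'algorithm' => $algorithm,
        'encryptor' => $encryptor,
    ];
}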
/**
 * Regression test for http://open.silverstripe.org/ticket/3004.
 *
 * The legacy hash is base_convert(sha1(...), 16, 36); base_convert() works
 * on floats, so a 40-hex-digit input loses precision and the stored value
 * can differ between platforms. The legacy encryptor therefore has to accept
 * both recorded variants while still rejecting a wrong hash.
 *
 * Handy command for reproducing via CLI on different architectures:
 * php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
 */
public function testEncryptorLegacyPHPHashCheck()
{
    Config::inst()->update(
        'SilverStripe\\Security\\PasswordEncryptor',
        'encryptors',
        ['test_sha1legacy' => ['SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1']]
    );
    $legacy = PasswordEncryptor::create_for_algorithm('test_sha1legacy');

    // Precomputed hashes of 'mypassword' from two CPU architectures, plus a
    // deliberately corrupted value that must be rejected.
    $cases = [
        'h1fj0a6m4o6k0sosks88oo08ko4gc4s' => true,  // AMD
        'h1fj0a6m4o0g04ocg00o4kwoc4wowws' => true,  // Intel
        'h1fjxxxxxxxxxxxxxxxxxxxxxxxxxxx' => false, // wrong
    ];

    foreach ($cases as $storedHash => $shouldMatch) {
        $matches = $legacy->check($storedHash, 'mypassword');
        if ($shouldMatch) {
            $this->assertTrue($matches);
        } else {
            $this->assertFalse($matches);
        }
    }
}