Home Explore Help
Sign In
kevin
/
gilles-acezat
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c5b29bfdbe
Branches Tags
gilles-acezat
/
system
/
src
/
Grav
/
Common
/
User
/
Authentication.php

Authentication.php 1.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @package    Grav\Common\User
    5. 

  5.  *
    6. 

  6.  * @copyright  Copyright (C) 2015 - 2019 Trilby Media, LLC. All rights reserved.
    7. 

  7.  * @license    MIT License; see LICENSE file for details.
    8. 

  8.  */
    9. 

  9. 

  10. namespace Grav\Common\User;
    11. 

  11. 

  12. abstract class Authentication
    13. 

  13. {
    14. 

  14.     /**
    15. 

  15.      * Create password hash from plaintext password.
    16. 

  16.      *
    17. 

  17.      * @param string $password Plaintext password.
    18. 

  18.      *
    19. 

  19.      * @throws \RuntimeException
    20. 

  20.      * @return string
    21. 

  21.      */
    22. 

  22.     public static function create($password): string
    23. 

  23.     {
    24. 

  24.         if (!$password) {
    25. 

  25.             throw new \RuntimeException('Password hashing failed: no password provided.');
    26. 

  26.         }
    27. 

  27. 

  28.         $hash = password_hash($password, PASSWORD_DEFAULT);
    29. 

  29. 

  30.         if (!$hash) {
    31. 

  31.             throw new \RuntimeException('Password hashing failed: internal error.');
    32. 

  32.         }
    33. 

  33. 

  34.         return $hash;
    35. 

  35.     }
    36. 

  36. 

  37.     /**
    38. 

  38.      * Verifies that a password matches a hash.
    39. 

  39.      *
    40. 

  40.      * @param string $password Plaintext password.
    41. 

  41.      * @param string $hash     Hash to verify against.
    42. 

  42.      *
    43. 

  43.      * @return int              Returns 0 if the check fails, 1 if password matches, 2 if hash needs to be updated.
    44. 

  44.      */
    45. 

  45.     public static function verify($password, $hash): int
    46. 

  46.     {
    47. 

  47.         // Fail if hash doesn't match
    48. 

  48.         if (!$password || !$hash || !password_verify($password, $hash)) {
    49. 

  49.             return 0;
    50. 

  50.         }
    51. 

  51. 

  52.         // Otherwise check if hash needs an update.
    53. 

  53.         return password_needs_rehash($hash, PASSWORD_DEFAULT) ? 2 : 1;
    54. 

  54.     }
    55. 

  55. }
    56.