Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: ba9702b441
Branches Tags
TechEmpower.Fra...
/
frameworks
/
PHP
/
php-fatfree
/
lib
/
bcrypt.php

bcrypt.php 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4. 	Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.
    5. 

  5. 

  6. 	This file is part of the Fat-Free Framework (http://fatfree.sf.net).
    7. 

  7. 

  8. 	THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
    9. 

  9. 	ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
    10. 

  10. 	IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
    11. 

  11. 	PURPOSE.
    12. 

  12. 

  13. 	Please see the license.txt file for more information.
    14. 

  14. */
    15. 

  15. 

  16. //! Lightweight password hashing library
    17. 

  17. class Bcrypt extends Prefab {
    18. 

  18. 

  19. 	//@{ Error messages
    20. 

  20. 	const
    21. 

  21. 		E_CostArg='Invalid cost parameter',
    22. 

  22. 		E_SaltArg='Salt must be at least 22 alphanumeric characters';
    23. 

  23. 	//@}
    24. 

  24. 

  25. 	//! Default cost
    26. 

  26. 	const
    27. 

  27. 		COST=10;
    28. 

  28. 

  29. 	/**
    30. 

  30. 	*	Generate bcrypt hash of string
    31. 

  31. 	*	@return string|FALSE
    32. 

  32. 	*	@param $pw string
    33. 

  33. 	*	@param $salt string
    34. 

  34. 	*	@param $cost int
    35. 

  35. 	**/
    36. 

  36. 	function hash($pw,$salt=NULL,$cost=self::COST) {
    37. 

  37. 		if ($cost<4 || $cost>31)
    38. 

  38. 			user_error(self::E_CostArg);
    39. 

  39. 		$len=22;
    40. 

  40. 		if ($salt) {
    41. 

  41. 			if (!preg_match('/^[[:alnum:]\.\/]{'.$len.',}$/',$salt))
    42. 

  42. 				user_error(self::E_SaltArg);
    43. 

  43. 		}
    44. 

  44. 		else {
    45. 

  45. 			$raw=16;
    46. 

  46. 			$iv='';
    47. 

  47. 			if (extension_loaded('mcrypt'))
    48. 

  48. 				$iv=mcrypt_create_iv($raw,MCRYPT_DEV_URANDOM);
    49. 

  49. 			if (!$iv && extension_loaded('openssl'))
    50. 

  50. 				$iv=openssl_random_pseudo_bytes($raw);
    51. 

  51. 			if (!$iv)
    52. 

  52. 				for ($i=0;$i<$raw;$i++)
    53. 

  53. 					$iv.=chr(mt_rand(0,255));
    54. 

  54. 			$salt=str_replace('+','.',base64_encode($iv));
    55. 

  55. 		}
    56. 

  56. 		$salt=substr($salt,0,$len);
    57. 

  57. 		$hash=crypt($pw,sprintf('$2y$%02d$',$cost).$salt);
    58. 

  58. 		return strlen($hash)>13?$hash:FALSE;
    59. 

  59. 	}
    60. 

  60. 

  61. 	/**
    62. 

  62. 	*	Check if password is still strong enough
    63. 

  63. 	*	@return bool
    64. 

  64. 	*	@param $hash string
    65. 

  65. 	*	@param $cost int
    66. 

  66. 	**/
    67. 

  67. 	function needs_rehash($hash,$cost=self::COST) {
    68. 

  68. 		list($pwcost)=sscanf($hash,"$2y$%d$");
    69. 

  69. 		return $pwcost<$cost;
    70. 

  70. 	}
    71. 

  71. 

  72. 	/**
    73. 

  73. 	*	Verify password against hash using timing attack resistant approach
    74. 

  74. 	*	@return bool
    75. 

  75. 	*	@param $pw string
    76. 

  76. 	*	@param $hash string
    77. 

  77. 	**/
    78. 

  78. 	function verify($pw,$hash) {
    79. 

  79. 		$val=crypt($pw,$hash);
    80. 

  80. 		$len=strlen($val);
    81. 

  81. 		if ($len!=strlen($hash) || $len<14)
    82. 

  82. 			return FALSE;
    83. 

  83. 		$out=0;
    84. 

  84. 		for ($i=0;$i<$len;$i++)
    85. 

  85. 			$out|=(ord($val[$i])^ord($hash[$i]));
    86. 

  86. 		return $out===0;
    87. 

  87. 	}
    88. 

  88. 

  89. }
    90.