ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilBcryptPhpPasswordEncoder.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
26class ilBcryptPhpPasswordEncoder extends ilBasePasswordEncoder
27{
28 private const string COST = 'cost';
29
30 private string $costs = '08';
31
36 public function __construct(array $config = [])
37 {
38 foreach ($config as $key => $value) {
39 if (strtolower($key) === self::COST) {
40 $this->setCosts($value);
41 }
42 }
43
44 if (!isset($config[self::COST]) && static::class === self::class) {
45 // Determine the costs only if they are not passed in constructor
46 $this->setCosts((string) $this->benchmarkCost());
47 }
48 }
49
54 public function benchmarkCost(float $time_target = 0.05): int
55 {
56 $cost = 8;
57
58 do {
59 ++$cost;
60 $start = microtime(true);
61 $encoder = new self([self::COST => (string) $cost]);
62 $encoder->encodePassword('test', '');
63 $end = microtime(true);
64 } while (($end - $start) < $time_target && $cost < 32);
65
66 return $cost;
67 }
68
69 public function getName(): string
70 {
71 return 'bcryptphp';
72 }
73
74 public function getCosts(): string
75 {
76 return $this->costs;
77 }
78
79 public function setCosts(string $costs): void
80 {
81 if ($costs !== '') {
82 $numeric_costs = (int) $costs;
83 if ($numeric_costs < 4 || $numeric_costs > 31) {
84 throw new ilPasswordException('The costs parameter of bcrypt must be in range 04-31');
85 }
86 $this->costs = sprintf('%1$02d', $numeric_costs);
87 }
88 }
89
90 public function encodePassword(string $raw, string $salt): string
91 {
92 if ($this->isPasswordTooLong($raw)) {
93 throw new ilPasswordException('Invalid password.');
94 }
95
96 return password_hash($raw, PASSWORD_BCRYPT, [
97 self::COST => $this->costs
98 ]);
99 }
100
101 public function isPasswordValid(string $encoded, string $raw, string $salt): bool
102 {
103 return password_verify($raw, $encoded);
104 }
105
106 public function requiresReencoding(string $encoded): bool
107 {
108 return password_needs_rehash($encoded, PASSWORD_BCRYPT, [
109 self::COST => $this->costs
110 ]);
111 }
112}
ilBcryptPhpPasswordEncoder\requiresReencoding
requiresReencoding(string $encoded)
Returns whether the encoded password needs to be re-encoded.
Definition: class.ilBcryptPhpPasswordEncoder.php:106
ilBcryptPhpPasswordEncoder\getName
getName()
Returns a unique name/id of the concrete password encoder.
Definition: class.ilBcryptPhpPasswordEncoder.php:69
ilBcryptPhpPasswordEncoder\encodePassword
encodePassword(string $raw, string $salt)
Encodes the raw password.
Definition: class.ilBcryptPhpPasswordEncoder.php:90
ilBcryptPhpPasswordEncoder\isPasswordValid
isPasswordValid(string $encoded, string $raw, string $salt)
Checks a raw password against an encoded password.
Definition: class.ilBcryptPhpPasswordEncoder.php:101
ilPasswordException
Class for user password exception handling in ILIAS.
Definition: class.ilPasswordException.php:26