[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Part of the Joomla Framework Authentication Package 4 * 5 * @copyright Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved. 6 * @license GNU General Public License version 2 or later; see LICENSE 7 */ 8 9 namespace Joomla\Authentication\Password; 10 11 use Joomla\Authentication\Exception\UnsupportedPasswordHandlerException; 12 13 /** 14 * Password handler for Argon2i hashed passwords 15 * 16 * @since 1.2.0 17 */ 18 class Argon2iHandler implements HandlerInterface 19 { 20 /** 21 * Generate a hash for a plaintext password 22 * 23 * @param string $plaintext The plaintext password to validate 24 * @param array $options Options for the hashing operation 25 * 26 * @return string 27 * 28 * @since 1.2.0 29 * @throws UnsupportedPasswordHandlerException if the password handler is not supported 30 */ 31 public function hashPassword($plaintext, array $options = []) 32 { 33 // Use the password extension if able 34 if (\defined('PASSWORD_ARGON2I')) 35 { 36 return password_hash($plaintext, \PASSWORD_ARGON2I, $options); 37 } 38 39 // Use the sodium extension (PHP 7.2 native or PECL 2.x) if able 40 if (\function_exists('sodium_crypto_pwhash_str_verify')) 41 { 42 $hash = sodium_crypto_pwhash_str( 43 $plaintext, 44 \SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, 45 \SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE 46 ); 47 sodium_memzero($plaintext); 48 49 return $hash; 50 } 51 52 // Use the libsodium extension (PECL 1.x) if able 53 if (\extension_loaded('libsodium')) 54 { 55 $hash = \Sodium\crypto_pwhash_str( 56 $plaintext, 57 \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, 58 \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE 59 ); 60 \Sodium\memzero($plaintext); 61 62 return $hash; 63 } 64 65 throw new UnsupportedPasswordHandlerException('Argon2i algorithm is not supported.'); 66 } 67 68 /** 69 * Check that the password handler is supported in this environment 70 * 71 * @return boolean 72 * 73 * @since 1.2.0 74 */ 75 public static function isSupported() 76 { 77 // Check for native PHP engine support in the password extension 78 if (\defined('PASSWORD_ARGON2I')) 79 { 80 return true; 81 } 82 83 // Check if the sodium_compat polyfill is installed and look for compatibility through that 84 if (class_exists('\\ParagonIE_Sodium_Compat') && method_exists('\\ParagonIE_Sodium_Compat', 'crypto_pwhash_is_available')) 85 { 86 return \ParagonIE_Sodium_Compat::crypto_pwhash_is_available(); 87 } 88 89 // Check for support from the (lib)sodium extension 90 return \function_exists('sodium_crypto_pwhash_str') || \extension_loaded('libsodium'); 91 } 92 93 /** 94 * Validate a password 95 * 96 * @param string $plaintext The plain text password to validate 97 * @param string $hashed The password hash to validate against 98 * 99 * @return boolean 100 * 101 * @since 1.2.0 102 * @throws UnsupportedPasswordHandlerException if the password handler is not supported 103 */ 104 public function validatePassword($plaintext, $hashed) 105 { 106 // Use the password extension if able 107 if (\defined('PASSWORD_ARGON2I')) 108 { 109 return password_verify($plaintext, $hashed); 110 } 111 112 // Use the sodium extension (PHP 7.2 native or PECL 2.x) if able 113 if (\function_exists('sodium_crypto_pwhash_str_verify')) 114 { 115 $valid = sodium_crypto_pwhash_str_verify($hashed, $plaintext); 116 sodium_memzero($plaintext); 117 118 return $valid; 119 } 120 121 // Use the libsodium extension (PECL 1.x) if able 122 if (\extension_loaded('libsodium')) 123 { 124 $valid = \Sodium\crypto_pwhash_str_verify($hashed, $plaintext); 125 \Sodium\memzero($plaintext); 126 127 return $valid; 128 } 129 130 throw new UnsupportedPasswordHandlerException('Argon2i algorithm is not supported.'); 131 } 132 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |