// KaiRo.at authentication utilities PHP class
// This class contains helper functions for the authentication system.
//
+ // private static $pwd_cost
+ // Store cost parameter for use with PHP password_hash function.
+ //
// static function checkPasswordConstraints($new_password, $user_email)
// Check password constraints and return an array of error messages (empty if all constraints are met).
//
// static function verifyTimeCode($timecode_to_verify, $session, [$validity_minutes])
// Verify a given time-based code and return true if it's valid or false if it's not.
// See createTimeCode() documentation for the session and validity paramerters.
+ //
+ // static function pwdHash($new_password)
+ // Return a hash for the given password.
+ //
+ // static function pwdVerify($password_to_verify, $user)
+ // Return true if the password verifies against the pwdhash field of the user, false if not.
+ //
+ // static function pwdNeedsRehash($user)
+ // Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed.
+
+ private static $pwd_cost = 10;
static function checkPasswordConstraints($new_password, $user_email) {
$errors = array();
static function verifyTimeCode($timecode_to_verify, $session, $validity_minutes = 10) {
if (preg_match('/^(\d+)\.\d+$/', $timecode_to_verify, $regs)) {
- return ($timecode_to_verify === AuthUtils::createTimeCode($session, $regs[1], $validity_minutes));
+ return ($timecode_to_verify === self::createTimeCode($session, $regs[1], $validity_minutes));
}
return false;
}
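Review bot: The new `return` line in verifyTimeCode() compares the submitted code with the expected one using `===`, which is not a constant-time comparison; for a value that acts as a secret, `hash_equals()` is the usual choice. A possible form is `return hash_equals(self::createTimeCode($session, $regs[1], $validity_minutes), $timecode_to_verify);`, with the known value first. createTimeCode() is defined outside this hunk, so confirm that it always returns a string, since hash_equals() throws a TypeError on non-string arguments. The preg_match() guard only shows that the input has the `digits.digits` shape, so an explicit `is_string($timecode_to_verify)` check before the comparison would make the type assumption visible.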
+
+ static function pwdHash($new_password) {
+ return password_hash($new_password, PASSWORD_DEFAULT, array('cost' => self::$pwd_cost));
+ }
+
+ static function pwdVerify($password_to_verify, $userdata) {
+ return password_verify($password_to_verify, $userdata['pwdhash']));
+ }
+
+ static function pwdNeedsRehash($userdata) {
+ return password_needs_rehash($userdata['pwdhash'], PASSWORD_DEFAULT, array('cost' => self::$pwd_cost));
+ }
}
?>
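Review bot: pwdVerify() has one closing parenthesis too many, so the file will not parse and none of the class's methods, including the existing checks, can be loaded; the line should read `return password_verify($password_to_verify, $userdata['pwdhash']);`. The header comment added in the same commit names the second parameter `$user` for pwdVerify() and pwdNeedsRehash(), while both signatures use `$userdata`, so one of the two should be aligned. pwdHash() and pwdNeedsRehash() pass a `cost` option together with `PASSWORD_DEFAULT`; `cost` is a bcrypt option and the default algorithm is documented as free to change in later PHP versions. Either pin `PASSWORD_BCRYPT` or add a comment on `$pwd_cost` such as `// bcrypt cost; only meaningful while PASSWORD_DEFAULT is bcrypt`.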