X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=authutils.php-class;fp=authutils.php-class;h=dfb89a22b6d5115a805e3d441db836edf9c1e25c;hp=6686f7bd5676984571b6b773050921e43c8ab793;hb=be1082a69cdf3dec7db4060198834dd43ae6290f;hpb=d46a42f1c9fcf2191b42f9df10ae6dd876e6f10b
diff --git a/authutils.php-class b/authutils.php-class
index 6686f7b..dfb89a2 100755
--- a/authutils.php-class
+++ b/authutils.php-class
@@ -7,6 +7,9 @@ class AuthUtils {
 // KaiRo.at authentication utilities PHP class
 // This class contains helper functions for the authentication system.
 //
+ // private static $pwd_cost
+ // Store cost parameter for use with PHP password_hash function.
+ //
 // static function checkPasswordConstraints($new_password, $user_email)
 // Check password constraints and return an array of error messages (empty if all constraints are met).
 //
@@ -24,6 +27,17 @@ class AuthUtils {
 // static function verifyTimeCode($timecode_to_verify, $session, [$validity_minutes])
 // Verify a given time-based code and return true if it's valid or false if it's not.
 // See createTimeCode() documentation for the session and validity paramerters.
+ //
+ // static function pwdHash($new_password)
+ // Return a hash for the given password.
+ //
+ // static function pwdVerify($password_to_verify, $user)
+ // Return true if the password verifies against the pwdhash field of the user, false if not.
+ //
+ // static function pwdNeedsRehash($user)
+ // Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed.
+
+ private static $pwd_cost = 10;

 static function checkPasswordConstraints($new_password, $user_email) {
 $errors = array();
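Review bot: The new `private static $pwd_cost = 10;` at the end of the second hunk is documented only as a "cost parameter", without saying that `cost` is a bcrypt option or how the value 10 was chosen. Since the later hunk passes it together with `PASSWORD_DEFAULT`, the setting would presumably stop controlling the work factor if the default algorithm ever moved away from bcrypt. I would add a comment such as `// bcrypt work factor; only meaningful while PASSWORD_DEFAULT is bcrypt. Raising it makes pwdNeedsRehash() flag existing hashes.` and note that the value should be benchmarked on the production host. The doc block also names the second parameter `$user` for pwdVerify and pwdNeedsRehash, while the implementations use `$userdata`; the two should match. The class body continues outside this hunk.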
@@ -73,9 +87,21 @@ class AuthUtils {

 static function verifyTimeCode($timecode_to_verify, $session, $validity_minutes = 10) {
 if (preg_match('/^(\d+)\.\d+$/', $timecode_to_verify, $regs)) {
- return ($timecode_to_verify === AuthUtils::createTimeCode($session, $regs[1], $validity_minutes));
+ return ($timecode_to_verify === self::createTimeCode($session, $regs[1], $validity_minutes));
 }
 return false;
 }
+
+ static function pwdHash($new_password) {
+ return password_hash($new_password, PASSWORD_DEFAULT, array('cost' => self::$pwd_cost));
+ }
+
+ static function pwdVerify($password_to_verify, $userdata) {
+ return password_verify($password_to_verify, $userdata['pwdhash']));
+ }
+
+ static function pwdNeedsRehash($userdata) {
+ return password_needs_rehash($userdata['pwdhash'], PASSWORD_DEFAULT, array('cost' => self::$pwd_cost));
+ }
 }
 ?>
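Review bot: The added pwdVerify() ends with an unbalanced closing parenthesis, `$userdata['pwdhash']));`, which is a parse error, so the whole class file fails to load and every caller of AuthUtils breaks. The line should read `return password_verify($password_to_verify, $userdata['pwdhash']);`. Both pwdVerify() and pwdNeedsRehash() also read `$userdata['pwdhash']` without checking that the key is set, so a user record without a stored hash would raise a notice rather than fail cleanly; a guard like `if (empty($userdata['pwdhash'])) { return false; }` in pwdVerify() would make that case explicit. Separately, verifyTimeCode() still compares the submitted code with `===`; assuming createTimeCode() returns a string, `hash_equals(self::createTimeCode(...), $timecode_to_verify)` would give a constant-time comparison for this secret-derived value.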