REL1_33/php/BcryptPassword_8php_source.html

<?php


class BcryptPassword extends ParameterizedPassword {


    protected function getDefaultParams() {

        return [

            'rounds' => $this->config['cost'],

        ];

    }


    protected function getDelimiter() {

        return '$';

    }


    protected function parseHash( $hash ) {

        parent::parseHash( $hash );


        $this->params['rounds'] = (int)$this->params['rounds'];

    }


    public function crypt( $password ) {

        if ( !defined( 'CRYPT_BLOWFISH' ) ) {

            throw new MWException( 'Bcrypt is not supported.' );

        }


        // Either use existing hash or make a new salt

        // Bcrypt expects 22 characters of base64-encoded salt

        // Note: bcrypt does not use MIME base64. It uses its own base64 without any '=' padding.

        //       It expects a 128 bit salt, so it will ignore anything after the first 128 bits

        if ( !isset( $this->args[0] ) ) {

            $this->args[] = substr(

                // Replace + with ., because bcrypt uses a non-MIME base64 format

                strtr(

                    // Random base64 encoded string

                    base64_encode( random_bytes( 16 ) ),

                    '+', '.'

                ),

                0, 22

            );

        }


        $hash = crypt( $password,

            sprintf( '$2y$%02d$%s', (int)$this->params['rounds'], $this->args[0] ) );


        if ( !is_string( $hash ) || strlen( $hash ) <= 13 ) {

            throw new PasswordError( 'Error when hashing password.' );

        }


        // Strip the $2y$

        $parts = explode( $this->getDelimiter(), substr( $hash, 4 ) );

        $this->params['rounds'] = (int)$parts[0];

        $this->args[0] = substr( $parts[1], 0, 22 );

        $this->hash = substr( $parts[1], 22 );

    }


}


and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy

BcryptPassword
A Bcrypt-hashed password.
Definition BcryptPassword.php:31

BcryptPassword\parseHash
parseHash( $hash)
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for see...
Definition BcryptPassword.php:42

BcryptPassword\getDelimiter
getDelimiter()
Returns the delimiter for the parameters inside the hash.
Definition BcryptPassword.php:38

BcryptPassword\crypt
crypt( $password)
Definition BcryptPassword.php:54

BcryptPassword\getDefaultParams
getDefaultParams()
Return an ordered array of default parameters for this password hash.
Definition BcryptPassword.php:32

MWException
MediaWiki exception.
Definition MWException.php:26

ParameterizedPassword
Helper class for password hash types that have a delimited set of parameters inside of the hash.
Definition ParameterizedPassword.php:38

PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:26

Password\$hash
string $hash
String representation of the hash without the type.
Definition Password.php:71