Represents a password hash for use in authentication. More...

Inheritance diagram for Password:

[legend]

Collaboration diagram for Password:

[legend]

Public Member Functions
	__construct (PasswordFactory $factory, array $config, $hash=null)
	Construct the Password object using a string hash.

	crypt ( $password)
	Hash a password and store the result in this object.

	equals ( $other)
	Compare one Password object to this object.

	getType ()
	Get the type name of the password.

	needsUpdate ()
	Determine if the hash needs to be updated.

	toString ()
	Convert this hash to a string that can be stored in the database.

	verify ( $password)
	Checks whether the given password matches the hash stored in this object.

Public Attributes
const	MAX_HASH_SIZE = 255
	Hash must fit in user_password, which is a tinyblob.

Protected Member Functions
	assertIsSafeSize ( $hash)
	Assert that hash will fit in a tinyblob field.

	isSupported ()
	Whether current password type is supported on this system.

	parseHash ( $hash)
	Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating.

Protected Attributes
array	$config
	Array of configuration variables injected from the constructor.

PasswordFactory	$factory
	Factory that created the object.

string	$hash
	String representation of the hash without the type.

Detailed Description

Represents a password hash for use in authentication.

Note: All password types are transparently prefixed with :<TYPE>:, where <TYPE> is the registered type of the hash. This prefix is stripped in the constructor and is added back in the toString() function.

When inheriting this class, there are a couple of expectations to be fulfilled:

If Password::toString() is called on an object, and the result is passed back in to PasswordFactory::newFromCiphertext(), the result will be identical to the original. With these two points in mind, when creating a new Password sub-class, there are some functions you have to override (because they are abstract) and others that you may want to override.

The abstract functions that must be overridden are:

Password::crypt(), which takes a plaintext password and hashes it into a string hash suitable for being passed to the constructor of that class, and then stores that hash (and whatever other data) into the internal state of the object. The functions that can optionally be overridden are:
Password::parseHash(), which can be useful to override if you need to extract values from or otherwise parse a password hash when it's passed to the constructor.
Password::needsUpdate(), which can be useful if a specific password hash has different logic for when the hash needs to be updated.
Password::toString(), which can be useful if the hash was changed in the constructor and needs to be re-assembled before being returned as a string. This function is expected to add the type back on to the hash, so make sure to do that if you override the function.
Password::verify() - This function checks if $this->hash was generated with the given password. The default is to just hash the password and do a timing-safe string comparison with $this->hash.

After creating a new password hash type, it can be registered using the static Password::register() method. The default type is set using the Password::setDefaultType() type. Types must be registered before they can be set as the default.

Since: 1.24

Definition at line 61 of file Password.php.

Constructor & Destructor Documentation

◆ __construct()

Password::__construct	(	PasswordFactory	$factory,
		array	$config,
			$hash = `null`
	)

final

Construct the Password object using a string hash.

It is strongly recommended not to call this function directly unless you have a reason to. Use the PasswordFactory class instead.

Exceptions

MWException If $config does not contain required parameters

Parameters

PasswordFactory	$factory	Factory object that created the password
array	$config	Array of engine configuration options for hashing
string \| null	$hash	The raw hash, including the type

Definition at line 96 of file Password.php.

References isSupported(), and parseHash().

Member Function Documentation

◆ assertIsSafeSize()

Password::assertIsSafeSize ( $hash )

finalprotected

Assert that hash will fit in a tinyblob field.

This prevents MW from inserting it into the DB and having MySQL silently truncating it, locking the user out of their account.

Parameters

string $hash The hash in question.

Exceptions

PasswordError If hash does not fit in DB.

Definition at line 215 of file Password.php.

Referenced by Argon2Password\toString(), ParameterizedPassword\toString(), and toString().

◆ crypt()

Password::crypt ( $password )

abstract

Hash a password and store the result in this object.

The result of the password hash should be put into the internal state of the hash object.

Parameters

string $password Password to hash

Exceptions

PasswordError If an internal error occurs in hashing

Reimplemented in Argon2Password, BcryptPassword, EncryptedPassword, LayeredParameterizedPassword, Pbkdf2Password, InvalidPassword, MWOldPassword, and MWSaltedPassword.

Referenced by LayeredParameterizedPassword\partialCrypt().

◆ equals()

Password::equals ( $other )

Compare one Password object to this object.

By default, do a timing-safe string comparison on the result of Password::toString() for each object. This can be overridden to do custom comparison, but it is not recommended unless necessary.

Deprecated:: since 1.33, use verify()

Parameters

Password | string $other The other password

Returns: bool True if equal, false otherwise

Reimplemented in Argon2Password, and InvalidPassword.

Definition at line 162 of file Password.php.

References toString(), and verify().

◆ getType()

Password::getType ( )

final

Get the type name of the password.

Returns: string Password type

Definition at line 120 of file Password.php.

Referenced by PasswordFactory\needsUpdate().

◆ isSupported()

Password::isSupported ( )

protected

Whether current password type is supported on this system.

Returns: bool

Reimplemented in Argon2Password.

Definition at line 129 of file Password.php.

Referenced by __construct().

◆ needsUpdate()

Password::needsUpdate ( )

abstract

Determine if the hash needs to be updated.

Returns: bool True if needs update, false otherwise

Reimplemented in Argon2Password, InvalidPassword, and ParameterizedPassword.

Referenced by PasswordFactory\needsUpdate().

◆ parseHash()

Password::parseHash ( $hash )

protected

Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating.

Parameters

string $hash The hash, with the :<TYPE>: prefix stripped

Exceptions

PasswordError If there is an error in parsing the hash

Reimplemented in BcryptPassword, and ParameterizedPassword.

Definition at line 140 of file Password.php.

Referenced by __construct().

◆ toString()

Password::toString ( )

Convert this hash to a string that can be stored in the database.

The resulting string should be considered the seralized representation of this hash, i.e., if the return value were recycled back into PasswordFactory::newFromCiphertext, the returned object would be equivalent to this; also, if two objects return the same value from this function, they are considered equivalent.

Returns: string

Exceptions

PasswordError if password cannot be serialized to fit a tinyblob.

Reimplemented in Argon2Password, InvalidPassword, and ParameterizedPassword.

Definition at line 199 of file Password.php.

References assertIsSafeSize().

Referenced by equals(), and verify().

◆ verify()

Password::verify ( $password )

Checks whether the given password matches the hash stored in this object.

Parameters

string $password Password to check

Returns: bool

Reimplemented in Argon2Password, and InvalidPassword.

Definition at line 176 of file Password.php.

References toString().

Referenced by equals().

Member Data Documentation

◆ $config

array Password::$config

protected

Array of configuration variables injected from the constructor.

Definition at line 77 of file Password.php.

◆ $factory

PasswordFactory Password::$factory

protected

Factory that created the object.

Definition at line 65 of file Password.php.

◆ $hash

string Password::$hash

protected

String representation of the hash without the type.

Definition at line 71 of file Password.php.

Referenced by BcryptPassword\crypt(), LayeredParameterizedPassword\crypt(), Pbkdf2Password\crypt(), BcryptPassword\parseHash(), ParameterizedPassword\parseHash(), LayeredParameterizedPassword\partialCrypt(), and ParameterizedPassword\toString().

◆ MAX_HASH_SIZE

const Password::MAX_HASH_SIZE = 255

Hash must fit in user_password, which is a tinyblob.

Definition at line 82 of file Password.php.

The documentation for this class was generated from the following file:

includes/password/Password.php

Public Member Functions

Public Attributes

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ assertIsSafeSize()

◆ crypt()

◆ equals()

◆ getType()

◆ isSupported()

◆ needsUpdate()

◆ parseHash()

◆ toString()

◆ verify()

Member Data Documentation

◆ $config

◆ $factory

◆ $hash

◆ MAX_HASH_SIZE