2 declare(strict_types = 1);
60 throw new \InvalidArgumentException(
61 'cost must not be lower than ' . PASSWORD_BCRYPT_DEFAULT_COST .
' or higher than 31',
65 $newOptions[
'cost'] = (int)
$options[
'cost'];
67 $this->options = $newOptions;
77 return defined(
'PASSWORD_BCRYPT')
79 && function_exists(
'hash')
80 && function_exists(
'hash_algos')
81 && in_array(
'sha384', hash_algos());
92 public function checkPassword(
string $plainPW,
string $saltedHashPW): bool
106 if ($salt !==
null) {
107 trigger_error(static::class .
': using a custom salt is deprecated in PHP password api and thus ignored.', E_USER_DEPRECATED);
109 $hashedPassword =
null;
110 if ($password !==
'') {
112 $hashedPassword = password_hash($password, PASSWORD_BCRYPT, $this->options);
113 if (!is_string($hashedPassword) || empty($hashedPassword)) {
114 throw new InvalidPasswordHashException(
'Cannot generate password, probably invalid options', 1517174114);
117 return $hashedPassword;
129 $passwordInfo = password_get_info($saltedPW);
131 $cost = (int)substr($saltedPW, 4, 2);
132 if (isset($passwordInfo[
'algo'])
133 && $passwordInfo[
'algo'] === PASSWORD_BCRYPT
134 && strncmp($saltedPW, static::PREFIX, strlen(static::PREFIX)) === 0
149 return password_needs_rehash($passString, PASSWORD_BCRYPT, $this->options);
165 return base64_encode(hash(
'sha384', $password,
true));
175 return $cost >= PASSWORD_BCRYPT_DEFAULT_COST && $cost <= 31;
184 trigger_error(
'This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
196 trigger_error(
'This method will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
202 throw new \InvalidArgumentException(
203 'cost must not be lower than ' . PASSWORD_BCRYPT_DEFAULT_COST .
' or higher than 31',
207 $newOptions[
'cost'] = (int)
$options[
'cost'];
209 $newOptions[
'cost'] = 12;
212 $this->options = $newOptions;