PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 4.3.0
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v4.3.0
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / Auth / Password.php
matomo / app / core / Auth Last commit date
Password.php 5 years ago
Password.php
121 lines
1 <?php
2 /**
3 * Matomo - free/libre analytics platform
4 *
5 * @link https://matomo.org
6 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
7 */
8
9 namespace Piwik\Auth;
10
11 use Exception;
12 use Piwik\Config;
13
14 /**
15 * Main class to handle actions related to password hashing and verification.
16 *
17 * @api
18 */
19 class Password
20 {
21 /**
22 * Choose the used algorithm for password_hash depending on the config option
23 *
24 * @return string|int depending on PHP version
25 * @throws Exception
26 */
27 private function preferredAlgorithm()
28 {
29 $passwordHashAlogrithm = Config::getInstance()->General['password_hash_algorithm'];
30 switch ($passwordHashAlogrithm) {
31 case "default":
32 return PASSWORD_DEFAULT;
33 case "bcrypt":
34 return PASSWORD_BCRYPT;
35 case "argon2i":
36 return PASSWORD_ARGON2I;
37 case "argon2id":
38 if (version_compare(PHP_VERSION, '7.3.0', '<')) {
39 throw new Exception("argon2id needs at leat PHP 7.3.0");
40 }
41 return PASSWORD_ARGON2ID;
42 default:
43 throw new Exception("invalid password_hash_algorithm");
44 }
45 }
46
47 /**
48 * Fetches argon2 options from config.ini.php
49 *
50 * @return array
51 */
52 private function algorithmOptions()
53 {
54 $options = [];
55 $generalConfig = Config::getInstance()->General;
56 if ($generalConfig["password_hash_argon2_threads"] != "default") {
57 $options["threads"] = max($generalConfig["password_hash_argon2_threads"], 1);
58 }
59 if ($generalConfig["password_hash_argon2_memory_cost"] != "default") {
60 $options["memory_cost"] = max($generalConfig["password_hash_argon2_memory_cost"], 8 * $options["threads"]);
61 }
62 if ($generalConfig["password_hash_argon2_time_cost"] != "default") {
63 $options["time_cost"] = max($generalConfig["password_hash_argon2_time_cost"], 1);
64 }
65 return $options;
66 }
67
68 /**
69 * Hashes a password with the configured algorithm.
70 *
71 * @param string $password
72 * @return string
73 */
74 public function hash($password)
75 {
76 return password_hash($password, $this->preferredAlgorithm(), $this->algorithmOptions());
77 }
78
79 /**
80 * Returns information about a hashed password (algo, options, ...).
81 *
82 * Can be used to verify whether a string is compatible with password_hash().
83 *
84 * @param string
85 * @return array
86 */
87 public function info($hash)
88 {
89 return password_get_info($hash);
90 }
91
92 /**
93 * Rehashes a user's password if necessary.
94 *
95 * This method expects the password to be pre-hashed by
96 * \Piwik\Plugins\UsersManager\UsersManager::getPasswordHash().
97 *
98 * @param string $hash
99 * @return boolean
100 */
101 public function needsRehash($hash)
102 {
103 return password_needs_rehash($hash, $this->preferredAlgorithm(), $this->algorithmOptions());
104 }
105
106 /**
107 * Verifies a user's password against the provided hash.
108 *
109 * This method expects the password to be pre-hashed by
110 * \Piwik\Plugins\UsersManager\UsersManager::getPasswordHash().
111 *
112 * @param string $password
113 * @param string $hash
114 * @return boolean
115 */
116 public function verify($password, $hash)
117 {
118 return password_verify($password, $hash);
119 }
120 }
121