PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 5.2.0
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v5.2.0
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / Auth / Password.php
matomo / app / core / Auth Last commit date
Password.php 1 year ago
Password.php
115 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik\Auth;
10
11 use Exception;
12 use Piwik\Config;
13 /**
14 * Main class to handle actions related to password hashing and verification.
15 *
16 * @api
17 */
18 class Password
19 {
20 /**
21 * Choose the used algorithm for password_hash depending on the config option
22 *
23 * @return string|int depending on PHP version
24 * @throws Exception
25 */
26 private function preferredAlgorithm()
27 {
28 $passwordHashAlgorithm = Config::getInstance()->General['password_hash_algorithm'];
29 switch ($passwordHashAlgorithm) {
30 case "default":
31 return \PASSWORD_DEFAULT;
32 case "bcrypt":
33 return \PASSWORD_BCRYPT;
34 case "argon2i":
35 return \PASSWORD_ARGON2I;
36 case "argon2id":
37 if (version_compare(\PHP_VERSION, '7.3.0', '<')) {
38 throw new Exception("argon2id needs at leat PHP 7.3.0");
39 }
40 return \PASSWORD_ARGON2ID;
41 default:
42 throw new Exception("invalid password_hash_algorithm");
43 }
44 }
45 /**
46 * Fetches argon2 options from config.ini.php
47 *
48 * @return array
49 */
50 private function algorithmOptions()
51 {
52 $options = [];
53 $generalConfig = Config::getInstance()->General;
54 if ($generalConfig["password_hash_argon2_threads"] != "default") {
55 $options["threads"] = max($generalConfig["password_hash_argon2_threads"], 1);
56 }
57 if ($generalConfig["password_hash_argon2_memory_cost"] != "default") {
58 $options["memory_cost"] = max($generalConfig["password_hash_argon2_memory_cost"], 8 * $options["threads"]);
59 }
60 if ($generalConfig["password_hash_argon2_time_cost"] != "default") {
61 $options["time_cost"] = max($generalConfig["password_hash_argon2_time_cost"], 1);
62 }
63 return $options;
64 }
65 /**
66 * Hashes a password with the configured algorithm.
67 *
68 * @param string $password
69 * @return string
70 */
71 public function hash($password)
72 {
73 return password_hash($password, $this->preferredAlgorithm(), $this->algorithmOptions());
74 }
75 /**
76 * Returns information about a hashed password (algo, options, ...).
77 *
78 * Can be used to verify whether a string is compatible with password_hash().
79 *
80 * @param string
81 * @return array
82 */
83 public function info($hash)
84 {
85 return password_get_info($hash);
86 }
87 /**
88 * Rehashes a user's password if necessary.
89 *
90 * This method expects the password to be pre-hashed by
91 * \Piwik\Plugins\UsersManager\UsersManager::getPasswordHash().
92 *
93 * @param string $hash
94 * @return boolean
95 */
96 public function needsRehash($hash)
97 {
98 return password_needs_rehash($hash, $this->preferredAlgorithm(), $this->algorithmOptions());
99 }
100 /**
101 * Verifies a user's password against the provided hash.
102 *
103 * This method expects the password to be pre-hashed by
104 * \Piwik\Plugins\UsersManager\UsersManager::getPasswordHash().
105 *
106 * @param string $password
107 * @param string $hash
108 * @return boolean
109 */
110 public function verify($password, $hash)
111 {
112 return password_verify($password, $hash);
113 }
114 }
115