mirror of
https://github.com/FreshRSS/FreshRSS.git
synced 2026-01-28 23:21:04 -05:00
30c7a61a9b
* Little's optimisations and booleans in conditions * Apply strict type * Apply strict type * Apply strict type * Fix multiple bugs with PHP 8.2 and 8.3 * Many declares missing, more errors fixed * Apply strict type * Another approach * Stronger typing for Minz_Session * Fix case of SQLite --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
39 lines
914 B
PHP
39 lines
914 B
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
class FreshRSS_password_Util {
|
|
// Will also have to be computed client side on mobile devices,
|
|
// so do not use a too high cost
|
|
public const BCRYPT_COST = 9;
|
|
|
|
/**
|
|
* Return a hash of a plain password, using BCRYPT
|
|
*/
|
|
public static function hash(string $passwordPlain): string {
|
|
$passwordHash = password_hash(
|
|
$passwordPlain,
|
|
PASSWORD_BCRYPT,
|
|
['cost' => self::BCRYPT_COST]
|
|
);
|
|
|
|
// Compatibility with bcrypt.js
|
|
$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);
|
|
|
|
if ($passwordHash === '' || $passwordHash === null) {
|
|
return '';
|
|
}
|
|
return $passwordHash;
|
|
}
|
|
|
|
/**
|
|
* Verify the given password is valid.
|
|
*
|
|
* A valid password is a string of at least 7 characters.
|
|
*
|
|
* @return bool True if the password is valid, false otherwise
|
|
*/
|
|
public static function check(string $password): bool {
|
|
return strlen($password) >= 7;
|
|
}
|
|
}
|