Use SHA512 for password hashing

master
Nikola Forró 7 years ago
parent 6624d27bb6
commit b5aa1e0071

@ -0,0 +1,63 @@
<?php
namespace Grav\Common\User;
abstract class Authentication
{
/**
* Create password hash from plaintext password.
*
* @param string $password Plaintext password.
*
* @throws \RuntimeException
* @return string|bool
*/
public static function create($password)
{
if (!$password) {
throw new \RuntimeException('Password hashing failed: no password provided.');
}
$hash = self::sha512_crypt($password);
if (!$hash) {
throw new \RuntimeException('Password hashing failed: internal error.');
}
return $hash;
}
/**
* Verifies that a password matches a hash.
*
* @param string $password Plaintext password.
* @param string $hash Hash to verify against.
*
* @return int Returns 0 if the check fails, 1 if password matches, 2 if hash needs to be updated.
*/
public static function verify($password, $hash)
{
// Fail if hash doesn't match
if (!$password || !$hash || self::sha512_crypt($password, $hash) != $hash) {
return 0;
}
return 1;
}
private static function sha512_crypt($password, $hash = null)
{
if (!$hash) {
$fp = fopen('/dev/urandom', 'r');
try {
$salt = fread($fp, 32);
} finally {
fclose($fp);
}
$hash = '$6$' . base64_encode($salt);
}
return crypt($password, $hash);
}
}
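Review bot: The comparison in verify(), `self::sha512_crypt($password, $hash) != $hash`, is a loose, early-exit string compare; a password check should use the constant-time, strict form `!hash_equals($hash, self::sha512_crypt($password, $hash))`. The `!$hash` guard in create() does not catch crypt()'s failure signal, which is a short truthy string such as `*0`; a check like `if (!$hash || strlen($hash) < 13)` (or `!str_starts_with($hash, '$6$')`) before returning would reject it. The salt generation reads /dev/urandom by hand and never checks that fopen() succeeded or that fread() returned 32 bytes; `random_bytes(16)` does both, and since crypt's SHA-512 scheme uses at most 16 salt characters from the `./0-9A-Za-z` alphabet, something like `substr(strtr(base64_encode(random_bytes(16)), '+/=', '...'), 0, 16)` produces a salt that every libc implementation reads the same way (whether `+`, `/` and `=` are tolerated in the salt appears implementation-dependent). The verify() docblock promises a return of 2 when the hash needs updating, but no code path returns it, so either the docblock or the method should change to match.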

@ -16,6 +16,7 @@ COPY php-fpm.conf /etc/php7/php-fpm.d/zz-docker.conf
RUN addgroup -g 9999 lilia
COPY --chown=nobody:lilia grav /app/
COPY --chown=nobody:lilia Authentication.php /app/system/src/Grav/Common/User/Authentication.php
USER nobody:lilia
