MaketRandevu/application/helpers/password_helper.php

<?php defined('BASEPATH') or exit('No direct script access allowed');

/* ----------------------------------------------------------------------------
 * Easy!Appointments - Online Appointment Scheduler
 *
 * @package     EasyAppointments
 * @author      A.Tselegidis <alextselegidis@gmail.com>
 * @copyright   Copyright (c) Alex Tselegidis
 * @license     https://opensource.org/licenses/GPL-3.0 - GPLv3
 * @link        https://easyappointments.org
 * @since       v1.0.0
 * ---------------------------------------------------------------------------- */

/**
 * Generate a hash of password string.
 *
 * For user security, all system passwords are stored in hash string into the database. Use this method to produce the
 * hashed password.
 *
 * @param string $salt Salt value for current user. This value is stored on the database and is used when generating
 * the password hashes.
 * @param string $password Given string password.
 *
 * @return string Returns the hash string of the given password.
 *
 * @throws Exception
 */
function hash_password(string $salt, string $password): string
{
    if (strlen($password) > MAX_PASSWORD_LENGTH)
    {
        throw new Exception('The provided password is too long, please use a shorter value.');
    }

    $half = (int)(strlen($salt) / 2);

    $hash = hash('sha256', substr($salt, 0, $half) . $password . substr($salt, $half));

    for ($i = 0; $i < 100000; $i++)
    {
        $hash = hash('sha256', $hash);
    }

    return $hash;
}

/**
 * Generate a new password salt.
 *
 * This method will not check if the salt is unique in database. This must be done
 * from the calling procedure.
 *
 * @return string Returns a salt string.
 */
function generate_salt(): string
{
    $max_length = 100;

    $salt = hash('sha256', (uniqid(rand(), TRUE)));

    return substr($salt, 0, $max_length);
}
Major refactoring and improvements to the application API code. 2020-04-22 22:48:56 +03:00			`<?php defined('BASEPATH') or exit('No direct script access allowed');`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00
			`/* ----------------------------------------------------------------------------`
Update the project subtitle. 2022-01-18 15:05:42 +03:00			`* Easy!Appointments - Online Appointment Scheduler`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`*`
			`* @package EasyAppointments`
			`* @author A.Tselegidis <alextselegidis@gmail.com>`
Updated the file banner info 2021-12-18 19:43:45 +03:00			`* @copyright Copyright (c) Alex Tselegidis`
			`* @license https://opensource.org/licenses/GPL-3.0 - GPLv3`
			`* @link https://easyappointments.org`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`* @since v1.0.0`
			`* ---------------------------------------------------------------------------- */`

			`/**`
			`* Generate a hash of password string.`
			`*`
Major refactoring and improvements to the application API code. 2020-04-22 22:48:56 +03:00			`* For user security, all system passwords are stored in hash string into the database. Use this method to produce the`
			`* hashed password.`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`*`
Major refactoring and improvements to the application API code. 2020-04-22 22:48:56 +03:00			`* @param string $salt Salt value for current user. This value is stored on the database and is used when generating`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00			`* the password hashes.`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`* @param string $password Given string password.`
Major refactoring and improvements to the application API code. 2020-04-22 22:48:56 +03:00			`*`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`* @return string Returns the hash string of the given password.`
Add max password length constant 2022-05-10 00:26:39 +03:00			`*`
			`* @throws Exception`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`*/`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00			`function hash_password(string $salt, string $password): string`
Autoformatted php files based on CodeIgniter style guide. 2017-09-15 14:36:37 +03:00			`{`
Add max password length constant 2022-05-10 00:26:39 +03:00			`if (strlen($password) > MAX_PASSWORD_LENGTH)`
			`{`
			`throw new Exception('The provided password is too long, please use a shorter value.');`
			`}`

Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`$half = (int)(strlen($salt) / 2);`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00
Autoformatted php files based on CodeIgniter style guide. 2017-09-15 14:36:37 +03:00			`$hash = hash('sha256', substr($salt, 0, $half) . $password . substr($salt, $half));`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00
Autoformatted php files based on CodeIgniter style guide. 2017-09-15 14:36:37 +03:00			`for ($i = 0; $i < 100000; $i++)`
			`{`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`$hash = hash('sha256', $hash);`
			`}`

			`return $hash;`
			`}`

			`/**`
			`* Generate a new password salt.`
			`*`
			`* This method will not check if the salt is unique in database. This must be done`
			`* from the calling procedure.`
			`*`
			`* @return string Returns a salt string.`
			`*/`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00			`function generate_salt(): string`
Autoformatted php files based on CodeIgniter style guide. 2017-09-15 14:36:37 +03:00			`{`
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`$max_length = 100;`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00
Autoformatted php files based on CodeIgniter style guide. 2017-09-15 14:36:37 +03:00			`$salt = hash('sha256', (uniqid(rand(), TRUE)));`
Renamed and updated the password helper 2021-10-24 23:00:59 +03:00
Added comment banners to helpers. 2015-10-18 20:46:16 +03:00			`return substr($salt, 0, $max_length);`
			`}`