2020-04-22 22:48:56 +03:00
|
|
|
|
<?php defined('BASEPATH') or exit('No direct script access allowed');
|
2015-10-18 20:46:16 +03:00
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------------
|
2024-01-01 01:14:38 +03:00
|
|
|
|
* MaketRandevu - MAKET Randevu Portalı
|
2015-10-18 20:46:16 +03:00
|
|
|
|
*
|
|
|
|
|
* @package EasyAppointments
|
|
|
|
|
* @author A.Tselegidis <alextselegidis@gmail.com>
|
2021-12-18 19:43:45 +03:00
|
|
|
|
* @copyright Copyright (c) Alex Tselegidis
|
|
|
|
|
* @license https://opensource.org/licenses/GPL-3.0 - GPLv3
|
|
|
|
|
* @link https://easyappointments.org
|
2015-10-18 20:46:16 +03:00
|
|
|
|
* @since v1.0.0
|
|
|
|
|
* ---------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate a hash of password string.
|
|
|
|
|
*
|
2020-04-22 22:48:56 +03:00
|
|
|
|
* For user security, all system passwords are stored in hash string into the database. Use this method to produce the
|
|
|
|
|
* hashed password.
|
2015-10-18 20:46:16 +03:00
|
|
|
|
*
|
2020-04-22 22:48:56 +03:00
|
|
|
|
* @param string $salt Salt value for current user. This value is stored on the database and is used when generating
|
2021-10-24 23:00:59 +03:00
|
|
|
|
* the password hashes.
|
2015-10-18 20:46:16 +03:00
|
|
|
|
* @param string $password Given string password.
|
2020-04-22 22:48:56 +03:00
|
|
|
|
*
|
2015-10-18 20:46:16 +03:00
|
|
|
|
* @return string Returns the hash string of the given password.
|
2022-05-10 00:26:39 +03:00
|
|
|
|
*
|
|
|
|
|
* @throws Exception
|
2015-10-18 20:46:16 +03:00
|
|
|
|
*/
|
2021-10-24 23:00:59 +03:00
|
|
|
|
function hash_password(string $salt, string $password): string
|
2017-09-15 14:36:37 +03:00
|
|
|
|
{
|
2023-11-29 12:24:09 +03:00
|
|
|
|
if (strlen($password) > MAX_PASSWORD_LENGTH) {
|
2022-06-20 12:31:11 +03:00
|
|
|
|
throw new InvalidArgumentException('The provided password is too long, please use a shorter value.');
|
2022-05-10 00:26:39 +03:00
|
|
|
|
}
|
|
|
|
|
|
2023-11-29 12:24:09 +03:00
|
|
|
|
$half = (int) (strlen($salt) / 2);
|
2021-10-24 23:00:59 +03:00
|
|
|
|
|
2017-09-15 14:36:37 +03:00
|
|
|
|
$hash = hash('sha256', substr($salt, 0, $half) . $password . substr($salt, $half));
|
2015-10-18 20:46:16 +03:00
|
|
|
|
|
2023-11-29 12:24:09 +03:00
|
|
|
|
for ($i = 0; $i < 100000; $i++) {
|
2015-10-18 20:46:16 +03:00
|
|
|
|
$hash = hash('sha256', $hash);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Generate a new password salt.
|
|
|
|
|
*
|
|
|
|
|
* This method will not check if the salt is unique in database. This must be done
|
|
|
|
|
* from the calling procedure.
|
|
|
|
|
*
|
|
|
|
|
* @return string Returns a salt string.
|
|
|
|
|
*/
|
2021-10-24 23:00:59 +03:00
|
|
|
|
function generate_salt(): string
|
2017-09-15 14:36:37 +03:00
|
|
|
|
{
|
2015-10-18 20:46:16 +03:00
|
|
|
|
$max_length = 100;
|
2021-10-24 23:00:59 +03:00
|
|
|
|
|
2023-11-29 12:24:09 +03:00
|
|
|
|
$salt = hash('sha256', uniqid(rand(), true));
|
2021-10-24 23:00:59 +03:00
|
|
|
|
|
2015-10-18 20:46:16 +03:00
|
|
|
|
return substr($salt, 0, $max_length);
|
|
|
|
|
}
|