portal/patient/fwk/libs/verysimple/Authentication/Bcrypt.php

   1 <?php
   2 /** @package    verysimple::Authentication */
   3
   4 /**
   5  * Bcrypt abstracts the use of bcrypt for secure password hashing.
   6  * The verify method is backwards compatible with any algorithm
   7  * supported by php crypt function
   8  *
   9  * @author http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php
  10  * @author J.Hinkle http://verysimple.com/
  11  * @example <code>
  12  *          $bcrypt = new Bcrypt(15);
  13  *          $hash = $bcrypt->hash('password');
  14  *          $isGood = $bcrypt->verify('password', $hash);
  15  *          </code>
  16  */
  17 class Bcrypt
  18 {
  19     private $rounds;
  20     private $randomState;
  21
  22     /**
  23      * Constructor
  24      *
  25      * @param
  26      *          int number of crypt rounds
  27      * @throws Exception if bcrypt is not supported
  28      */
  29     public function __construct($rounds = 12)
  30     {
  31         if (CRYPT_BLOWFISH != 1) {
  32             throw new Exception("bcrypt not supported in this installation. See http://php.net/crypt");
  33         }
  34
  35         $this->rounds = $rounds;
  36     }
  37
  38     /**
  39      * Return true if the given hash is crypted with the blowfish algorithm
  40      *
  41      * @param string $hash
  42      */
  43     static function isBlowfish($hash)
  44     {
  45         return substr($hash, 0, 4) == '$2a$';
  46     }
  47
  48     /**
  49      * generate a hash
  50      *
  51      * @param
  52      *          string plain text input
  53      */
  54     public function hash($input)
  55     {
  56         $hash = crypt($input, $this->getSalt());
  57
  58         if (strlen($hash) > 13) {
  59             return $hash;
  60         }
  61
  62         return false;
  63     }
  64
  65     /**
  66      * Verify if the input is equal to the hashed value
  67      *
  68      * @param
  69      *          string plain text input
  70      * @param
  71      *          string hashed input
  72      */
  73     public function verify($input, $existingHash)
  74     {
  75         $hash = crypt($input, $existingHash);
  76
  77         return $hash === $existingHash;
  78     }
  79
  80     /**
  81      * return an ascii-encoded 16 char salt
  82      */
  83     private function getSalt()
  84     {
  85         $salt = sprintf('$2a$%02d$', $this->rounds);
  86
  87         $bytes = $this->getRandomBytes(16);
  88
  89         $salt .= $this->encodeBytes($bytes);
  90
  91         return $salt;
  92     }
  93
  94     /**
  95      * get random bytes to be used in random salts
  96      *
  97      * @param int $count
  98      */
  99     private function getRandomBytes($count)
 100     {
 101         $bytes = '';
 102
 103         if (function_exists('openssl_random_pseudo_bytes') && (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
 104             $bytes = openssl_random_pseudo_bytes($count);
 105         }
 106
 107         if ($bytes === '' && is_readable('/dev/urandom') && ($hRand = @fopen('/dev/urandom', 'rb')) !== false) {
 108             $bytes = fread($hRand, $count);
 109             fclose($hRand);
 110         }
 111
 112         if (strlen($bytes) < $count) {
 113             $bytes = '';
 114
 115             if ($this->randomState === null) {
 116                 $this->randomState = microtime();
 117                 if (function_exists('getmypid')) {
 118                     $this->randomState .= getmypid();
 119                 }
 120             }
 121
 122             for ($i = 0; $i < $count; $i += 16) {
 123                 $this->randomState = md5(microtime() . $this->randomState);
 124
 125                 if (PHP_VERSION >= '5') {
 126                     $bytes .= md5($this->randomState, true);
 127                 } else {
 128                     $bytes .= pack('H*', md5($this->randomState));
 129                 }
 130             }
 131
 132             $bytes = substr($bytes, 0, $count);
 133         }
 134
 135         return $bytes;
 136     }
 137
 138     /**
 139      * ascii-encode used for converting random salt into legit ascii value
 140      *
 141      * @param string $input
 142      */
 143     private function encodeBytes($input)
 144     {
 145         // The following is code from the PHP Password Hashing Framework
 146         $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 147
 148         $output = '';
 149         $i = 0;
 150         do {
 151             $c1 = ord($input [$i ++]);
 152             $output .= $itoa64 [$c1 >> 2];
 153             $c1 = ($c1 & 0x03) << 4;
 154             if ($i >= 16) {
 155                 $output .= $itoa64 [$c1];
 156                 break;
 157             }
 158
 159             $c2 = ord($input [$i ++]);
 160             $c1 |= $c2 >> 4;
 161             $output .= $itoa64 [$c1];
 162             $c1 = ($c2 & 0x0f) << 2;
 163
 164             $c2 = ord($input [$i ++]);
 165             $c1 |= $c2 >> 6;
 166             $output .= $itoa64 [$c1];
 167             $output .= $itoa64 [$c2 & 0x3f];
 168         } while (1);
 169
 170         return $output;
 171     }
 172 }