1: <?php
 2: 
 3: /**
 4:  * This file is part of the Nette Framework (https://nette.org)
 5:  * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 6:  */
 7: 
 8: namespace Nette\Security;
 9: 
10: use Nette;
11: 
12: 
13: /**
14:  * Passwords tools.
15:  */
16: class Passwords
17: {
18:     use Nette\StaticClass;
19: 
20:     /** @deprecated */
21:     const BCRYPT_COST = 10;
22: 
23: 
24:     /**
25:      * Computes salted password hash.
26:      * @param  string
27:      * @param  array with cost (4-31)
28:      * @return string  60 chars long
29:      */
30:     public static function hash($password, array $options = [])
31:     {
32:         if (isset($options['cost']) && ($options['cost'] < 4 || $options['cost'] > 31)) {
33:             throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $options[cost] given.");
34:         }
35: 
36:         $hash = password_hash($password, PASSWORD_BCRYPT, $options);
37:         if ($hash === false || strlen($hash) < 60) {
38:             throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.');
39:         }
40:         return $hash;
41:     }
42: 
43: 
44:     /**
45:      * Verifies that a password matches a hash.
46:      * @return bool
47:      */
48:     public static function verify($password, $hash)
49:     {
50:         return password_verify($password, $hash);
51:     }
52: 
53: 
54:     /**
55:      * Checks if the given hash matches the options.
56:      * @param  string
57:      * @param  array with cost (4-31)
58:      * @return bool
59:      */
60:     public static function needsRehash($hash, array $options = [])
61:     {
62:         return password_needs_rehash($hash, PASSWORD_BCRYPT, $options);
63:     }
64: }
65: