1. class
  2. SilverStripe
  3. \
  4. Security
  5. \
  6. PasswordEncryptor_Blowfish

PasswordEncryptor_Blowfish

class PasswordEncryptor_Blowfish extends PasswordEncryptor

Blowfish encryption - this is the default from SilverStripe 3.

PHP 5.3+ will provide a php implementation if there is no system version available.

Methods

static array
get_encryptors()

No description

from PasswordEncryptor
static PasswordEncryptor
create_for_algorithm(String $algorithm)

No description

from PasswordEncryptor
String
encrypt(String $password, String $salt = null, Member $member = null)

Return a string value stored in the {@link Member->Password} property.

string
salt(string $password, Member $member = null)

self::$cost param is forced to be two digits with leading zeroes for ints 4-9

bool
check(string $hash, string $password, string $salt = null, Member $member = null)

This usually just returns a strict string comparison, but is necessary for retain compatibility with password hashed with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and {@link PasswordEncryptor_Blowfish}

static 
set_cost(int $cost)

Sets the cost of the blowfish algorithm.

static int
get_cost()

Gets the cost that is set for the blowfish algorithm

encryptX($password, $salt)

No description

encryptY($password, $salt)

No description

encryptA($password, $salt)

No description

checkAEncryptionLevel()

The algorithm returned by using '$2a$' is not consistent - it might be either the correct (y), incorrect (x) or mostly-correct (a) version, depending on the version of PHP and the operating system, so we need to test it.

Details

in PasswordEncryptor at line 29
static array get_encryptors()

Return Value

array Map of encryptor code to the used class.

in PasswordEncryptor at line 39
static PasswordEncryptor create_for_algorithm(String $algorithm)

Parameters

String $algorithm

Return Value

PasswordEncryptor

Exceptions

PasswordEncryptor_NotFoundException

at line 46
String encrypt(String $password, String $salt = null, Member $member = null)

Return a string value stored in the {@link Member->Password} property.

The password should be hashed with {@link salt()} if applicable.

Parameters

String $password Cleartext password to be hashed
String $salt (Optional)
Member $member (Optional)

Return Value

String Maximum of 512 characters.

at line 162
string salt(string $password, Member $member = null)

self::$cost param is forced to be two digits with leading zeroes for ints 4-9

Parameters

string $password Cleartext password
Member $member (Optional)

Return Value

string Maximum of 50 characters

at line 168
bool check(string $hash, string $password, string $salt = null, Member $member = null)

This usually just returns a strict string comparison, but is necessary for retain compatibility with password hashed with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and {@link PasswordEncryptor_Blowfish}

Parameters

string $hash
string $password
string $salt
Member $member

Return Value

bool

at line 31
static set_cost(int $cost)

Sets the cost of the blowfish algorithm.

See {@link PasswordEncryptor_Blowfish::$cost} Cost is set as an integer but Ensure that set values are from 4-31

Parameters

int $cost range 4-31

at line 41
static int get_cost()

Gets the cost that is set for the blowfish algorithm

Return Value

int

at line 68
encryptX($password, $salt)

Parameters

$password
$salt

at line 91
encryptY($password, $salt)

Parameters

$password
$salt

at line 114
encryptA($password, $salt)

Parameters

$password
$salt

at line 134
checkAEncryptionLevel()

The algorithm returned by using '$2a$' is not consistent - it might be either the correct (y), incorrect (x) or mostly-correct (a) version, depending on the version of PHP and the operating system, so we need to test it.