mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Improve Blowfish Docblocks
This commit is contained in:
Heath Nail
parent
e0aab77dab
commit
895fcac0cd
2 changed files with 26 additions and 10 deletions
|
|
@ -28,7 +28,10 @@ App::uses('FormAuthenticate', 'Controller/Component/Auth');
|
|||
* }}}
|
||||
*
|
||||
* When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions
|
||||
* are used. See BlowfishAuthenticate::$settings for more information.
|
||||
* are used. See FormAuthenticate::$settings for more information.
|
||||
*
|
||||
* For inital password hashing/creation see Security::hash(). Other than how the password is initally hashed,
|
||||
* BlowfishAuthenticate works exactly the same way as FormAuthenticate.
|
||||
*
|
||||
* @package Cake.Controller.Component.Auth
|
||||
* @since CakePHP(tm) v 2.3
|
||||
|
|
|
|||
|
|
@ -78,14 +78,26 @@ class Security {
|
|||
}
|
||||
|
||||
/**
|
||||
* Create a hash from string using given method.
|
||||
* Fallback on next available method.
|
||||
* If you are using blowfish, for comparisons simply pass the originally hashed
|
||||
* string as the salt (the salt is prepended to the hash and php handles the
|
||||
* parsing automagically. Do NOT use a constant salt for blowfish.
|
||||
* Create a hash from string using given method or fallback on next available method.
|
||||
*
|
||||
* #### Using Blowfish
|
||||
*
|
||||
* - Creating Hashes: *Do not supply a salt*. Cake handles salt creation for
|
||||
* you ensuring that each hashed password will have a *unique* salt.
|
||||
* - Comparing Hashes: Simply pass the originally hashed password as the salt.
|
||||
* The salt is prepended to the hash and php handles the parsing automagically.
|
||||
* For convenience the BlowfishAuthenticate adapter is available for use with
|
||||
* the AuthComponent.
|
||||
* - Do NOT use a constant salt for blowfish!
|
||||
*
|
||||
* Creating a blowfish/bcrypt hash:
|
||||
*
|
||||
* {{{
|
||||
* $hash = Security::hash($password, 'blowfish');
|
||||
* }}}
|
||||
*
|
||||
* @param string $string String to hash
|
||||
* @param string $type Method to use (sha1/sha256/md5)
|
||||
* @param string $type Method to use (sha1/sha256/md5/blowfish)
|
||||
* @param mixed $salt If true, automatically appends the application's salt
|
||||
* value to $string (Security.salt). If you are using blowfish the salt
|
||||
* must be false or a previously generated salt.
|
||||
|
|
@ -222,7 +234,7 @@ class Security {
|
|||
* @param integer $length The length of the returned salt
|
||||
* @return string The generated salt
|
||||
*/
|
||||
public static function salt($length = 22) {
|
||||
protected static function _salt($length = 22) {
|
||||
$salt = str_replace(
|
||||
array('+', '='),
|
||||
'.',
|
||||
|
|
@ -232,14 +244,15 @@ class Security {
|
|||
}
|
||||
|
||||
/**
|
||||
* One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()``
|
||||
* One way encryption using php's crypt() function. To use blowfish hashing see ``Security::hash()``
|
||||
*
|
||||
* @param string $password The string to be encrypted.
|
||||
* @param mixed $salt false to generate a new salt or an existing salt.
|
||||
* @return string The hashed string or an empty string on error.
|
||||
*/
|
||||
protected static function _crypt($password, $salt = false) {
|
||||
if ($salt === false) {
|
||||
$salt = self::salt(22);
|
||||
$salt = self::_salt(22);
|
||||
$salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue