* * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Core\Encoder; use Symfony\Component\Security\Core\Exception\BadCredentialsException; /** * @author Elnur Abdurrakhimov * @author Terje BrĂ¥ten */ class BCryptPasswordEncoder extends BasePasswordEncoder { /** * @var string */ private $cost; /** * Constructor. * * @param integer $cost The algorithmic cost that should be used * * @throws \RuntimeException When no BCrypt encoder is available * @throws \InvalidArgumentException if cost is out of range */ public function __construct($cost) { if (!function_exists('password_hash')) { throw new \RuntimeException('To use the BCrypt encoder, you need to upgrade to PHP 5.5 or install the "ircmaxell/password-compat" via Composer.'); } $cost = (int) $cost; if ($cost < 4 || $cost > 31) { throw new \InvalidArgumentException('Cost must be in the range of 4-31.'); } $this->cost = $cost; } /** * Encodes the raw password. * * It doesn't work with PHP versions lower than 5.3.7, since * the password compat library uses CRYPT_BLOWFISH hash type with * the "$2y$" salt prefix (which is not available in the early PHP versions). * @see https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833 * * It is almost best to **not** pass a salt and let PHP generate one for you. * * @param string $raw The password to encode * @param string $salt The salt * * @return string The encoded password * * @link http://lxr.php.net/xref/PHP_5_5/ext/standard/password.c#111 */ public function encodePassword($raw, $salt) { if ($this->isPasswordTooLong($raw)) { throw new BadCredentialsException('Invalid password.'); } $options = array('cost' => $this->cost); if ($salt) { $options['salt'] = $salt; } return password_hash($raw, PASSWORD_BCRYPT, $options); } /** * {@inheritdoc} */ public function isPasswordValid($encoded, $raw, $salt) { return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded); } }