diff options
Diffstat (limited to 'Encoder/BasePasswordEncoder.php')
-rw-r--r-- | Encoder/BasePasswordEncoder.php | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/Encoder/BasePasswordEncoder.php b/Encoder/BasePasswordEncoder.php deleted file mode 100644 index 8b63c63..0000000 --- a/Encoder/BasePasswordEncoder.php +++ /dev/null @@ -1,91 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien.potencier@symfony-project.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Encoder; - -/** - * BasePasswordEncoder is the base class for all password encoders. - * - * @author Fabien Potencier <fabien.potencier@symfony-project.com> - */ -abstract class BasePasswordEncoder implements PasswordEncoderInterface -{ - /** - * Demerges a merge password and salt string. - * - * @param string $mergedPasswordSalt The merged password and salt string - * - * @return array An array where the first element is the password and the second the salt - */ - protected function demergePasswordAndSalt($mergedPasswordSalt) - { - if (empty($mergedPasswordSalt)) { - return array('', ''); - } - - $password = $mergedPasswordSalt; - $salt = ''; - $saltBegins = strrpos($mergedPasswordSalt, '{'); - - if (false !== $saltBegins && $saltBegins + 1 < strlen($mergedPasswordSalt)) { - $salt = substr($mergedPasswordSalt, $saltBegins + 1, -1); - $password = substr($mergedPasswordSalt, 0, $saltBegins); - } - - return array($password, $salt); - } - - /** - * Merges a password and a salt. - * - * @param string $password the password to be used - * @param string $salt the salt to be used - * - * @return string a merged password and salt - */ - protected function mergePasswordAndSalt($password, $salt) - { - if (empty($salt)) { - return $password; - } - - if (false !== strrpos($salt, '{') || false !== strrpos($salt, '}')) { - throw new \InvalidArgumentException('Cannot use { or } in salt.'); - } - - return $password.'{'.$salt.'}'; - } - - /** - * Compares two passwords. - * - * This method implements a constant-time algorithm to compare passwords to - * avoid (remote) timing attacks. - * - * @param string $password1 The first password - * @param string $password2 The second password - * - * @return Boolean true if the two passwords are the same, false otherwise - */ - protected function comparePasswords($password1, $password2) - { - if (strlen($password1) !== strlen($password2)) { - return false; - } - - $result = 0; - for ($i = 0; $i < strlen($password1); $i++) { - $result |= ord($password1[$i]) ^ ord($password2[$i]); - } - - return 0 === $result; - } -} |