1: <?php
 2: /**
 3:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 4:  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 5:  *
 6:  * Licensed under The MIT License
 7:  * For full copyright and license information, please see the LICENSE.txt
 8:  * Redistributions of files must retain the above copyright notice.
 9:  *
10:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11:  * @link          http://cakephp.org CakePHP(tm) Project
12:  * @since         3.0.0
13:  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
14:  */
15: namespace Cake\Auth;
16: 
17: use Cake\Core\Configure;
18: use Cake\Error\Debugger;
19: use Cake\Utility\Security;
20: 
21: /**
22:  * Password hashing class that use weak hashing algorithms. This class is
23:  * intended only to be used with legacy databases where passwords have
24:  * not been migrated to a stronger algorithm yet.
25:  *
26:  */
27: class WeakPasswordHasher extends AbstractPasswordHasher
28: {
29: 
30:     /**
31:      * Default config for this object.
32:      *
33:      * @var array
34:      */
35:     protected $_defaultConfig = [
36:         'hashType' => null
37:     ];
38: 
39:     /**
40:      * {@inheritDoc}
41:      */
42:     public function __construct(array $config = [])
43:     {
44:         if (Configure::read('debug')) {
45:             Debugger::checkSecurityKeys();
46:         }
47:         parent::config($config);
48:     }
49: 
50:     /**
51:      * Generates password hash.
52:      *
53:      * @param string $password Plain text password to hash.
54:      * @return string Password hash
55:      */
56:     public function hash($password)
57:     {
58:         return Security::hash($password, $this->_config['hashType'], true);
59:     }
60: 
61:     /**
62:      * Check hash. Generate hash for user provided password and check against existing hash.
63:      *
64:      * @param string $password Plain text password to hash.
65:      * @param string $hashedPassword Existing hashed password.
66:      * @return bool True if hashes match else false.
67:      */
68:     public function check($password, $hashedPassword)
69:     {
70:         return $hashedPassword === $this->hash($password);
71:     }
72: }
73: