Password.php

Go to the documentation of this file.

<?php

namespace Rsi\Fred\User\Authenticator;

class Password extends \Rsi\Fred\User\Authenticator{

  public $passwordAlgo = PASSWORD_DEFAULT;

  public $strengthKeyboard = [
    ['`~','1!','2@','3#','4$','5%','6^','7&','8*','9(','0)','-_','=+'],
    [null,'qQ','wW','eE','rR','tT','yY','uU','iI','oO','pP','[{',']}','\\|'],
    [null,'aA','sS','dD','fF','gG','hH','jJ','kK','lL',';:','\'"'],
    [null,'zZ','xX','cC','vV','bB','nN','mM',',<','.>','/?']
  ];
  public $strengthCharSets = [ //chars => points
    'abcdefghijklmnopqrstuvwxyz' => 1,
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ' => 3,
    '0123456789' => 4,
    '`~!@#$%^&*()\\-_=+[{]}\|;:\'",<.>/?' => 10,
    null => 25 //all other chars
  ];
  public $strengthCharSetChangeScore = 5;

  protected function check(){
    return null;
  }
  /**
   * Create a password hash.
   * @param string $password
   * @return string  Password hash.
   * @see http://php.net/password_hash
   */
  public function hash($password){
    return password_hash($password,$this->passwordAlgo);
  }
  /**
   * Check if a hash needs rehashing.
   * @param string $hash  Stored hash.
   * @return bool  True if rehashing is advised.
   * @see http://php.net/password_needs_rehash
   */
  public function needsRehash($hash){
    return password_needs_rehash($hash,$this->passwordAlgo);
  }
  /**
   * Verify a password.
   * @param string $password  User password.
   * @param string $hash  Stored hash.
   * @return bool  True if the password and hash match.
   * @see http://php.net/password_verify
   */
  public function verify($password,$hash){
    $this->verified(password_verify($password,$hash));
    return $this->checked;
  }
  /**
   * Check if a password is a 'known' password (found on public available lists).
   * @param string $password  User password.
   * @return bool  True if the password was found on a list.
   */
  public function known($password){
    return \Rsi\Record::get($this->component('services')->password($password),'known');
  }
  /**
   * Calculate password strength.
   * @param string $password  User password.
   * @return int  Calculated strength, based on score settings.
   */
  public function strength($password){
    $score = $prev_char = $prev_char_set = null;
    foreach(str_split($password) as $index => $char){
      $adjacent = null;
      if($prev_char !== null) foreach($this->strengthKeyboard as $r => $row) foreach($row as $k => $key) if(strpos($key,$char) !== false){
        for($i = -1; $i <= 1; $i++) for($j = -1; $j <= 1; $j++) if(($i >= 0) || ($j >= 0))
          $adjacent .= \Rsi\Record::get($this->strengthKeyboard,[$r + $i,$k + $j]);
        if(strpos($adjacent,$prev_char) === false) $adjacent = false;
        break 2;
      }
      if($adjacent) $score++;
      else{
        $score += $index;
        foreach($this->strengthCharSets as $char_set => $char_set_score) if(!$char_set || (strpos($char_set,$char) !== false)){
          $score += $char_set_score;
          if($prev_char_set && ($char_set != $prev_char_set)) $score += $this->strengthCharSetChangeScore;
          $prev_char_set = $char_set;
          break;
        }
      }
      $prev_char = $char;
    }
    return $score;
  }

}