1: <?php
 2: /**
 3:  * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
 4:  * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 5:  *
 6:  * Licensed under The MIT License
 7:  * For full copyright and license information, please see the LICENSE.txt
 8:  * Redistributions of files must retain the above copyright notice.
 9:  *
10:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
11:  * @link          https://cakephp.org CakePHP(tm) Project
12:  * @since         3.0.0
13:  * @license       https://opensource.org/licenses/mit-license.php MIT License
14:  */
15: namespace Cake\Auth;
16: 
17: use Cake\Core\Configure;
18: use Cake\Error\Debugger;
19: use Cake\Utility\Security;
20: 
21: /**
22:  * Password hashing class that use weak hashing algorithms. This class is
23:  * intended only to be used with legacy databases where passwords have
24:  * not been migrated to a stronger algorithm yet.
25:  */
26: class WeakPasswordHasher extends AbstractPasswordHasher
27: {
28:     /**
29:      * Default config for this object.
30:      *
31:      * @var array
32:      */
33:     protected $_defaultConfig = [
34:         'hashType' => null
35:     ];
36: 
37:     /**
38:      * {@inheritDoc}
39:      */
40:     public function __construct(array $config = [])
41:     {
42:         if (Configure::read('debug')) {
43:             Debugger::checkSecurityKeys();
44:         }
45: 
46:         parent::__construct($config);
47:     }
48: 
49:     /**
50:      * Generates password hash.
51:      *
52:      * @param string $password Plain text password to hash.
53:      * @return string Password hash
54:      */
55:     public function hash($password)
56:     {
57:         return Security::hash($password, $this->_config['hashType'], true);
58:     }
59: 
60:     /**
61:      * Check hash. Generate hash for user provided password and check against existing hash.
62:      *
63:      * @param string $password Plain text password to hash.
64:      * @param string $hashedPassword Existing hashed password.
65:      * @return bool True if hashes match else false.
66:      */
67:     public function check($password, $hashedPassword)
68:     {
69:         return $hashedPassword === $this->hash($password);
70:     }
71: }
72: