public validatePassword ( string $password, string $hashedPasswordAndSalt, string $staticSalt = null ) : boolean | ||
$password | string | The cleartext password |
$hashedPasswordAndSalt | string | The derived key and salt as returned by crypt() for verification |
$staticSalt | string | Optional static salt that will be appended to the dynamic salt |
return | boolean | TRUE if the given password matches the hashed password |
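/**
 * Validate a cleartext password against a bcrypt ("$2a$") hash as returned by crypt().
 *
 * The cost and salt are read back from the stored hash, the candidate password is hashed
 * with them, and the result is compared to the stored value with hash_equals() so that the
 * comparison time does not depend on how many leading characters match.
 *
 * @param string $password The cleartext password
 * @param string $hashedPasswordAndSalt The derived key and salt as returned by crypt() for verification
 * @param string $staticSalt Not read by this method; kept so the signature stays compatible with callers
 * @return boolean TRUE if the given password matches the hashed password
 */
public function validatePassword($password, $hashedPasswordAndSalt, $staticSalt = null)
{
    // Reject anything that cannot be a "$2a$" hash: 4 prefix characters, the 3-character
    // cost field and 22 salt characters already add up to 29. Non-strings never matched
    // the prefix check before; the explicit guard just avoids passing them to strlen().
    if (!is_string($hashedPasswordAndSalt)
        || strlen($hashedPasswordAndSalt) < 29
        || strpos($hashedPasswordAndSalt, '$2a$') !== 0
    ) {
        return false;
    }

    // Rebuild the crypt() settings string (prefix, cost, salt) from the stored hash.
    $cryptSalt = '$2a$' . substr($hashedPasswordAndSalt, 4, 26);
    $candidateHash = crypt($password, $cryptSalt);

    // hash_equals() requires two strings; a non-string result means crypt() failed.
    if (!is_string($candidateHash)) {
        return false;
    }

    // Constant-time comparison: a plain === on hash strings can stop at the first
    // differing byte. A crypt() failure marker ("*0"/"*1") can never equal a stored
    // value that starts with "$2a$", so it is rejected here as well.
    return hash_equals($hashedPasswordAndSalt, $candidateHash);
}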
/**
 * Hashes that are empty, use a different crypt() scheme, or carry a prefix other than
 * "$2a$" must be rejected by validatePassword().
 *
 * @test
 */
public function validatePasswordWithInvalidHashFails()
{
    $strategy = new BCryptHashingStrategy(10);

    // Each entry is a stored value that must never validate, whatever the password.
    $invalidHashes = [
        '',
        '$1$abc',
        '$2x$01$012345678901234567890123456789',
    ];

    foreach ($invalidHashes as $invalidHash) {
        $this->assertFalse($strategy->validatePassword('password', $invalidHash));
    }
}