<?php

App::uses('AbstractPasswordHasher', 'Controller/Component/Auth');

/**
 * Modern password hashing class for PHP5.5+.
 * A backport of the 3.x DefaultPasswordHasher class.
 *
 * This requires either PHP5.5+ or the password_hash() shim from
 * https://github.com/ircmaxell/password_compat
 * If you don't use composer, you can also directly use the class in this repo:
 *   require CakePlugin::path('Tools') . 'Lib/Bootstrap/Password.php';
 * You would then require it in your bootstrap.php.
 * But the preferred way would be a composer dependency.
 *
 * @author Mark Scherer
 * @license http://opensource.org/licenses/mit-license.php MIT
 * @link http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/
 */
class ModernPasswordHasher extends AbstractPasswordHasher {

	/**
	 * Constructor
	 *
	 * @param array $config Array of config.
	 */
	public function __construct($config = array()) {
		if (!function_exists('password_hash')) {
			throw new CakeException('password_hash() is not available.');
		}
		parent::__construct($config);
	}

	/**
	 * Default config for this object.
	 *
	 * @var array
	 */
	protected $_config = array(
		'salt' => null,
		'cost' => 10,
		'hashType' => PASSWORD_BCRYPT
	);

	/**
	 * Generates password hash.
	 *
	 * @param string $password Plain text password to hash.
	 * @return string Password hash
	 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
	 */
	public function hash($password) {
		$options = array('cost' => $this->_config['cost'], 'salt' => $this->_config['salt']);
		$options = array_filter($options);
		return password_hash($password, $this->_config['hashType'], $options);
	}

	/**
	 * Check hash. Generate hash for user provided password and check against existing hash.
	 *
	 * @param string $password Plain text password to hash.
	 * @param string Existing hashed password.
	 * @return bool True if hashes match else false.
	 */
	public function check($password, $hashedPassword) {
		return password_verify($password, $hashedPassword);
	}

	/**
	 * Returns true if the password need to be rehashed, due to the password being
	 * created with anything else than the passwords generated by this class.
	 *
	 * @param string $password The password to verify
	 * @return bool
	 */
	public function needsRehash($password) {
		return password_needs_rehash($password, $this->_config['hashType']);
	}

}