57 lines
1.6 KiB
PHP
57 lines
1.6 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Vvveb
|
|
*
|
|
* Copyright (C) 2022 Ziadin Givan
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace Vvveb\System\User;
|
|
|
|
class Auth {
|
|
static $options = ['cost' => 11];
|
|
|
|
public static function sanitize(&$data) {
|
|
if (isset($data['username'])) {
|
|
$data['username'] = preg_replace('/[^\w-]/', '', $data['username']);
|
|
}
|
|
|
|
if (isset($data['email'])) {
|
|
$data['email'] = filter_var($data['email'], FILTER_VALIDATE_EMAIL);
|
|
}
|
|
}
|
|
|
|
public static function checkPassword($password, $hash) {
|
|
if (password_verify($password, $hash)) {
|
|
// Check if a newer hashing algorithm is available
|
|
// or the cost has changed
|
|
if (password_needs_rehash($hash, PASSWORD_DEFAULT, self :: $options)) {
|
|
// If so, create a new hash, and replace the old one
|
|
return $newHash = password_hash($password, PASSWORD_DEFAULT, self :: $options);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function password($password) {
|
|
return password_hash($password, PASSWORD_DEFAULT, self :: $options);
|
|
}
|
|
}
|