<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

namespace phpbb\passwords\driver;

class bcrypt extends base
{
	const PREFIX = '$2a$';

	/** @var int Hashing cost factor */
	protected $cost_factor;

	/**
	 * Constructor of passwords driver object
	 *
	 * @param \phpbb\config\config $config phpBB config
	 * @param \phpbb\passwords\driver\helper $helper Password driver helper
	 * @param int $cost_factor Hashing cost factor (optional)
	 */
	public function __construct(\phpbb\config\config $config, helper $helper, $cost_factor = 10)
	{
		parent::__construct($config, $helper);

		// Don't allow cost factor to be below default setting
		$this->cost_factor = max(10, $cost_factor);
	}

	/**
	* {@inheritdoc}
	*/
	public function get_prefix()
	{
		return self::PREFIX;
	}

	/**
	 * {@inheritdoc}
	 */
	public function needs_rehash($hash)
	{
		preg_match('/^' . preg_quote($this->get_prefix()) . '([0-9]+)\$/', $hash, $matches);

		list(, $cost_factor) = $matches;

		return empty($cost_factor) || $this->cost_factor !== intval($cost_factor);
	}

	/**
	* {@inheritdoc}
	*/
	public function hash($password, $salt = '')
	{
		// The 2x and 2y prefixes of bcrypt might not be supported
		// Revert to 2a if this is the case
		$prefix = (!$this->is_supported()) ? '$2a$' : $this->get_prefix();

		// Do not support 8-bit characters with $2a$ bcrypt
		// Also see http://www.php.net/security/crypt_blowfish.php
		if ($prefix === self::PREFIX)
		{
			if (ord($password[strlen($password)-1]) & 128)
			{
				return false;
			}
		}

		if ($salt == '')
		{
			$salt = $prefix . $this->cost_factor . '$' . $this->get_random_salt();
		}

		$hash = crypt($password, $salt);
		if (strlen($hash) < 60)
		{
			return false;
		}
		return $hash;
	}

	/**
	* {@inheritdoc}
	*/
	public function check($password, $hash, $user_row = array())
	{
		$salt = substr($hash, 0, 29);
		if (strlen($salt) != 29)
		{
			return false;
		}

		if ($this->helper->string_compare($hash, $this->hash($password, $salt)))
		{
			return true;
		}
		return false;
	}

	/**
	* Get a random salt value with a length of 22 characters
	*
	* @return string Salt for password hashing
	*/
	protected function get_random_salt()
	{
		return $this->helper->hash_encode64($this->helper->get_random_salt(22), 22);
	}

	/**
	* {@inheritdoc}
	*/
	public function get_settings_only($hash, $full = false)
	{
		if ($full)
		{
			$pos = stripos($hash, '$', 1) + 1;
			$length = 22 + (strripos($hash, '$') + 1 - $pos);
		}
		else
		{
			$pos = strripos($hash, '$') + 1;
			$length = 22;
		}
		return substr($hash, $pos, $length);
	}
}