adding password_hash to deprecated as well

jaydiablo · jaydiablo · commit e2cd5cb31e84 · 2022-01-11T16:10:47.000-07:00
diff --git a/composer.json b/composer.json
@@ -15,6 +15,7 @@
             "deprecated/array.php",
             "deprecated/datetime.php",
             "deprecated/libevent.php",
+            "deprecated/password.php",
             "deprecated/mssql.php",
             "deprecated/stats.php",
             "deprecated/strings.php",
diff --git a/deprecated/Exceptions/PasswordException.php b/deprecated/Exceptions/PasswordException.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace Safe\Exceptions;
+
+/**
+ * @deprecated This exception is deprecated
+ */
+class PasswordException extends \ErrorException implements SafeExceptionInterface
+{
+    public static function createFromPhpError(): self
+    {
+        $error = error_get_last();
+        return new self($error['message'] ?? 'An error occured', 0, $error['type'] ?? 1);
+    }
+}
diff --git a/deprecated/functionsList.php b/deprecated/functionsList.php
@@ -55,6 +55,7 @@
     'mssql_query',
     'mssql_select_db',
     'mysqli_get_client_stats',
+    'password_hash',
     'sort',
     'stats_covariance',
     'stats_standard_deviation',
diff --git a/deprecated/password.php b/deprecated/password.php
@@ -0,0 +1,127 @@
+<?php
+
+namespace Safe;
+
+use Safe\Exceptions\PasswordException;
+
+/**
+ * password_hash creates a new password hash using a strong one-way hashing
+ * algorithm. password_hash is compatible with crypt.
+ * Therefore, password hashes created by crypt can be used with
+ * password_hash.
+ *
+ *
+ *
+ *
+ * PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0).
+ * Note that this constant is designed to change over time as new and stronger algorithms are added
+ * to PHP. For that reason, the length of the result from using this identifier can change over
+ * time. Therefore, it is recommended to store the result in a database column that can expand
+ * beyond 60 characters (255 characters would be a good choice).
+ *
+ *
+ *
+ *
+ * PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to
+ * create the hash. This will produce a standard crypt compatible hash using
+ * the "$2y$" identifier. The result will always be a 60 character string.
+ *
+ *
+ *
+ *
+ * PASSWORD_ARGON2I - Use the Argon2i hashing algorithm to create the hash.
+ * This algorithm is only available if PHP has been compiled with Argon2 support.
+ *
+ *
+ *
+ *
+ * PASSWORD_ARGON2ID - Use the Argon2id hashing algorithm to create the hash.
+ * This algorithm is only available if PHP has been compiled with Argon2 support.
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ * salt (string) - to manually provide a salt to use when hashing the password.
+ * Note that this will override and prevent a salt from being automatically generated.
+ *
+ *
+ * If omitted, a random salt will be generated by password_hash for
+ * each password hashed. This is the intended mode of operation.
+ *
+ *
+ *
+ * The salt option has been deprecated as of PHP 7.0.0. It is now
+ * preferred to simply use the salt that is generated by default.
+ *
+ *
+ *
+ *
+ *
+ * cost (integer) - which denotes the algorithmic cost that should be used.
+ * Examples of these values can be found on the crypt page.
+ *
+ *
+ * If omitted, a default value of 10 will be used. This is a good
+ * baseline cost, but you may want to consider increasing it depending on your hardware.
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ * memory_cost (integer) - Maximum memory (in kibibytes) that may
+ * be used to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_MEMORY_COST.
+ *
+ *
+ *
+ *
+ * time_cost (integer) - Maximum amount of time it may
+ * take to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_TIME_COST.
+ *
+ *
+ *
+ *
+ * threads (integer) - Number of threads to use for computing
+ * the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_THREADS.
+ *
+ *
+ *
+ *
+ * @param string $password The user's password.
+ *
+ * Using the PASSWORD_BCRYPT as the
+ * algorithm, will result
+ * in the password parameter being truncated to a
+ * maximum length of 72 characters.
+ * @param int|string|null $algo A password algorithm constant denoting the algorithm to use when hashing the password.
+ * @param array $options An associative array containing options. See the password algorithm constants for documentation on the supported options for each algorithm.
+ *
+ * If omitted, a random salt will be created and the default cost will be
+ * used.
+ * @return string Returns the hashed password.
+ *
+ * The used algorithm, cost and salt are returned as part of the hash. Therefore,
+ * all information that's needed to verify the hash is included in it. This allows
+ * the password_verify function to verify the hash without
+ * needing separate storage for the salt or algorithm information.
+ * @throws PasswordException
+ * @deprecated The Safe version of this function is no longer needed in PHP 8.0+
+ *
+ */
+function password_hash(string $password, $algo, array $options = null): string
+{
+    error_clear_last();
+    if ($options !== null) {
+        $result = \password_hash($password, $algo, $options);
+    } else {
+        $result = \password_hash($password, $algo);
+    }
+    if ($result === false) {
+        throw PasswordException::createFromPhpError();
+    }
+    return $result;
+}
