$length = $this->getConfigInstance()->readConfig('salt_length');
// Keep only defined number of characters
- $this->salt = substr($randomString, -$length, $length);
+ $this->salt = substr(sha1($randomString), -$length, $length);
+ }
+
+ /**
+ * Hashes a password with salt and returns the hash. If an old previous hash
+ * is supplied the method will use the first X chars of that hash for hashing
+ * the password. This is useful if you want to check if the password is
+ * identical for authorization purposes.
+ *
+ * @param $plainPassword The plain password to use
+ * @param $oldHash A previously hashed password
+ * @return $hashed The hashed and salted password
+ */
+ public function hashPassword ($plainPassword, $oldHash = "") {
+ // Is the old password set?
+ if (empty($oldHash)) {
+ // No, then use the current salt
+ $salt = $this->salt;
+ } else {
+ // Use the salt from hash, first get length
+ $length = $this->getConfigInstance()->readConfig('salt_length');
+
+ // Then extract the X first characters from the hash as our salt
+ $salt = substr($oldHash, 0, $length);
+ }
+
+ // Hash the password with salt
+ $hashed = $salt . md5(sprintf($this->getConfigInstance()->readConfig('hash_mask'),
+ $salt,
+ $this->rngInstance->getExtraSalt(),
+ $plainPassword
+ ));
+
+ // And return it
+ return $hashed;
}
}
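Review bot: The new hashPassword() builds the stored value from a single md5() over the mask of salt, extra salt and password, and md5 is a fast digest that is cheap to brute-force offline if the stored hashes leak; PHP's built-in `password_hash($plainPassword, PASSWORD_DEFAULT)` for creation and `password_verify($plainPassword, $oldHash)` for the check would replace both the mask and the salt-prefix extraction. If the re-hash-and-compare flow is kept, callers (not visible here) should compare the result with `hash_equals()` rather than `==`. The `empty($oldHash)` test would be safer as `$oldHash === ''`, because empty() also treats the string "0" as unset, and an old hash shorter than salt_length silently yields a shorter salt. In the first changed line, wrapping `$randomString` in sha1() restricts the salt to hex characters, so each salt character carries at most 4 bits; whether that reduces entropy depends on how $randomString is generated, which is outside this hunk. The method that assigns $this->salt starts before the visible lines.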