ÿØÿàJFIFÿþ ÿÛC       ÿÛC ÿÀÿÄÿÄ"#QrÿÄÿÄ&1!A"2qQaáÿÚ ?Øy,æ/3JæݹÈ߲؋5êXw²±ÉyˆR”¾I0ó2—PI¾IÌÚiMö¯–þrìN&"KgX:Šíµ•nTJnLK„…@!‰-ý ùúmë;ºgµŒ&ó±hw’¯Õ@”Ü— 9ñ-ë.²1<yà‚¹ïQÐU„ہ?.’¦èûbß±©Ö«Âw*VŒ) `$‰bØԟ’ëXÖ-ËTÜíGÚ3ð«g Ÿ§¯—Jx„–’U/ÂÅv_s(Hÿ@TñJÑãõçn­‚!ÈgfbÓc­:él[ðQe 9ÀPLbÃãCµm[5¿ç'ªjglå‡Ûí_§Úõl-;"PkÞÞÁQâ¼_Ñ^¢SŸx?"¸¦ùY騐ÒOÈ q’`~~ÚtËU¹CڒêV  I1Áß_ÿÙ * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Core\Encoder; use Symfony\Component\Security\Core\Exception\BadCredentialsException; /** * @author Elnur Abdurrakhimov * @author Terje Bråten */ class BCryptPasswordEncoder extends BasePasswordEncoder { /** * @var string */ private $cost; /** * Constructor. * * @param integer $cost The algorithmic cost that should be used * * @throws \RuntimeException When no BCrypt encoder is available * @throws \InvalidArgumentException if cost is out of range */ public function __construct($cost) { if (!function_exists('password_hash')) { throw new \RuntimeException('To use the BCrypt encoder, you need to upgrade to PHP 5.5 or install the "ircmaxell/password-compat" via Composer.'); } $cost = (int) $cost; if ($cost < 4 || $cost > 31) { throw new \InvalidArgumentException('Cost must be in the range of 4-31.'); } $this->cost = $cost; } /** * Encodes the raw password. * * It doesn't work with PHP versions lower than 5.3.7, since * the password compat library uses CRYPT_BLOWFISH hash type with * the "$2y$" salt prefix (which is not available in the early PHP versions). * @see https://github.com/ircmaxell/password_compat/issues/10#issuecomment-11203833 * * It is almost best to **not** pass a salt and let PHP generate one for you. * * @param string $raw The password to encode * @param string $salt The salt * * @return string The encoded password * * @link http://lxr.php.net/xref/PHP_5_5/ext/standard/password.c#111 */ public function encodePassword($raw, $salt) { if ($this->isPasswordTooLong($raw)) { throw new BadCredentialsException('Invalid password.'); } $options = array('cost' => $this->cost); if ($salt) { $options['salt'] = $salt; } return password_hash($raw, PASSWORD_BCRYPT, $options); } /** * {@inheritdoc} */ public function isPasswordValid($encoded, $raw, $salt) { return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded); } }