ÿØÿàJFIFÿþ ÿÛC       ÿÛC ÿÀÿÄÿÄ"#QrÿÄÿÄ&1!A"2qQaáÿÚ ?Øy,æ/3JæݹÈ߲؋5êXw²±ÉyˆR”¾I0ó2—PI¾IÌÚiMö¯–þrìN&"KgX:Šíµ•nTJnLK„…@!‰-ý ùúmë;ºgµŒ&ó±hw’¯Õ@”Ü— 9ñ-ë.²1<yà‚¹ïQÐU„ہ?.’¦èûbß±©Ö«Âw*VŒ) `$‰bØԟ’ëXÖ-ËTÜíGÚ3ð«g Ÿ§¯—Jx„–’U/ÂÅv_s(Hÿ@TñJÑãõçn­‚!ÈgfbÓc­:él[ðQe 9ÀPLbÃãCµm[5¿ç'ªjglå‡Ûí_§Úõl-;"PkÞÞÁQâ¼_Ñ^¢SŸx?"¸¦ùY騐ÒOÈ q’`~~ÚtËU¹CڒêV  I1Áß_ÿÙ * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Security\Core\Encoder; use Symfony\Component\Security\Core\Util\StringUtils; /** * BasePasswordEncoder is the base class for all password encoders. * * @author Fabien Potencier */ abstract class BasePasswordEncoder implements PasswordEncoderInterface { const MAX_PASSWORD_LENGTH = 4096; /** * Demerges a merge password and salt string. * * @param string $mergedPasswordSalt The merged password and salt string * * @return array An array where the first element is the password and the second the salt */ protected function demergePasswordAndSalt($mergedPasswordSalt) { if (empty($mergedPasswordSalt)) { return array('', ''); } $password = $mergedPasswordSalt; $salt = ''; $saltBegins = strrpos($mergedPasswordSalt, '{'); if (false !== $saltBegins && $saltBegins + 1 < strlen($mergedPasswordSalt)) { $salt = substr($mergedPasswordSalt, $saltBegins + 1, -1); $password = substr($mergedPasswordSalt, 0, $saltBegins); } return array($password, $salt); } /** * Merges a password and a salt. * * @param string $password the password to be used * @param string $salt the salt to be used * * @return string a merged password and salt * * @throws \InvalidArgumentException */ protected function mergePasswordAndSalt($password, $salt) { if (empty($salt)) { return $password; } if (false !== strrpos($salt, '{') || false !== strrpos($salt, '}')) { throw new \InvalidArgumentException('Cannot use { or } in salt.'); } return $password.'{'.$salt.'}'; } /** * Compares two passwords. * * This method implements a constant-time algorithm to compare passwords to * avoid (remote) timing attacks. * * @param string $password1 The first password * @param string $password2 The second password * * @return Boolean true if the two passwords are the same, false otherwise */ protected function comparePasswords($password1, $password2) { return StringUtils::equals($password1, $password2); } /** * Checks if the password is too long. * * @return Boolean true if the password is too long, false otherwise */ protected function isPasswordTooLong($password) { return strlen($password) > self::MAX_PASSWORD_LENGTH; } }