* switch to composer for qrcode and otp dependencies

* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries

vendor/thecodingmachine/safe/generated/password.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace Safe;
+
+use Safe\Exceptions\PasswordException;
+
+/**
+ * password_hash creates a new password hash using a strong one-way hashing
+ * algorithm. password_hash is compatible with crypt.
+ * Therefore, password hashes created by crypt can be used with
+ * password_hash.
+ *
+ *
+ *
+ *
+ * PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0).
+ * Note that this constant is designed to change over time as new and stronger algorithms are added
+ * to PHP. For that reason, the length of the result from using this identifier can change over
+ * time. Therefore, it is recommended to store the result in a database column that can expand
+ * beyond 60 characters (255 characters would be a good choice).
+ *
+ *
+ *
+ *
+ * PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to
+ * create the hash. This will produce a standard crypt compatible hash using
+ * the "$2y$" identifier. The result will always be a 60 character string.
+ *
+ *
+ *
+ *
+ * PASSWORD_ARGON2I - Use the Argon2i hashing algorithm to create the hash.
+ * This algorithm is only available if PHP has been compiled with Argon2 support.
+ *
+ *
+ *
+ *
+ * PASSWORD_ARGON2ID - Use the Argon2id hashing algorithm to create the hash.
+ * This algorithm is only available if PHP has been compiled with Argon2 support.
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ * salt (string) - to manually provide a salt to use when hashing the password.
+ * Note that this will override and prevent a salt from being automatically generated.
+ *
+ *
+ * If omitted, a random salt will be generated by password_hash for
+ * each password hashed. This is the intended mode of operation.
+ *
+ *
+ *
+ * The salt option has been deprecated as of PHP 7.0.0. It is now
+ * preferred to simply use the salt that is generated by default.
+ *
+ *
+ *
+ *
+ *
+ * cost (integer) - which denotes the algorithmic cost that should be used.
+ * Examples of these values can be found on the crypt page.
+ *
+ *
+ * If omitted, a default value of 10 will be used. This is a good
+ * baseline cost, but you may want to consider increasing it depending on your hardware.
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ * memory_cost (integer) - Maximum memory (in kibibytes) that may
+ * be used to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_MEMORY_COST.
+ *
+ *
+ *
+ *
+ * time_cost (integer) - Maximum amount of time it may
+ * take to compute the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_TIME_COST.
+ *
+ *
+ *
+ *
+ * threads (integer) - Number of threads to use for computing
+ * the Argon2 hash. Defaults to PASSWORD_ARGON2_DEFAULT_THREADS.
+ *
+ *
+ *
+ *
+ * @param string $password The user's password.
+ *
+ * Using the PASSWORD_BCRYPT as the
+ * algorithm, will result
+ * in the password parameter being truncated to a
+ * maximum length of 72 characters.
+ * @param int|string|null $algo A password algorithm constant denoting the algorithm to use when hashing the password.
+ * @param array $options An associative array containing options. See the password algorithm constants for documentation on the supported options for each algorithm.
+ *
+ * If omitted, a random salt will be created and the default cost will be
+ * used.
+ * @return string Returns the hashed password.
+ *
+ * The used algorithm, cost and salt are returned as part of the hash. Therefore,
+ * all information that's needed to verify the hash is included in it. This allows
+ * the password_verify function to verify the hash without
+ * needing separate storage for the salt or algorithm information.
+ * @throws PasswordException
+ *
+ */
+function password_hash(string $password, $algo, array $options = null): string
+{
+    error_clear_last();
+    if ($options !== null) {
+        $result = \password_hash($password, $algo, $options);
+    } else {
+        $result = \password_hash($password, $algo);
+    }
+    if ($result === false) {
+        throw PasswordException::createFromPhpError();
+    }
+    return $result;
+}