Refactor hash class to use PHPass.

system/hash.php

@@ -2,49 +2,43 @@
 
 class Hash {
 
-    /**
-	 * The salty, hashed value.
-	 *
-	 * @var string
-	 */
-	public $value;
-
 	/**
-	 * The salt used during hashing.
+	 * Hash a string using PHPass.
+	 *
+	 * PHPass provides reliable bcrypt hashing, and is used by many popular PHP
+	 * applications such as Wordpress and Joomla.
 	 *
-	 * @var string
+	 * @access public
+	 * @param  string  $value
+	 * @return string
 	 */
-	public $salt;
+	public static function make($value)
+	{
+		return static::hasher()->HashPassword($value);
+	}
 
 	/**
-	 * Create a new salted hash instance.
-	 *
-	 * If no salt is provided, a random, 16 character salt will be generated
-	 * to created the salted, hashed value. If a salt is provided, that salt
-	 * will be used when hashing the value.
+	 * Determine if an unhashed value matches a given hash.
 	 *
 	 * @param  string  $value
-	 * @param  string  $salt
-	 * @return void
+	 * @param  string  $hash
+	 * @return bool
 	 */
-	public function __construct($value, $salt = null)
+	public static function check($value, $hash)
 	{
-		$this->salt = (is_null($salt)) ? Str::random(16) : $salt;
-
-		$this->value = sha1($value.$this->salt);
+		return static::hasher()->CheckPassword($value, $hash);
 	}
 
 	/**
-	 * Factory for creating hash instances.
+	 * Create a new PHPass instance.
 	 *
-	 * @access public
-	 * @param  string  $value
-	 * @param  string  $salt
-	 * @return Hash
+	 * @return PasswordHash
 	 */
-	public static function make($value, $salt = null)
+	private static function hasher()
 	{
-		return new self($value, $salt);
+		require_once SYS_PATH.'vendor/phpass'.EXT;
+
+		return new \PasswordHash(10, false);
 	}
 
 }