GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CORE] Update AuthCryptPlugin

Browse Source 
Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions.
This commit is contained in:
Daniel Supernault 2018-03-11 19:28:24 -06:00 committed by Diogo Cordeiro
parent ad51998d67
commit 912f2c3567
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
plugins/AuthCrypt/AuthCryptPlugin.php
View File

@ -37,7 +37,7 @@ class AuthCryptPlugin extends AuthenticationPlugin
protected $statusnet = true; // if true, also check StatusNet style password hash protected $statusnet = true; // if true, also check StatusNet style password hash
protected $overwrite = true; // if true, password change means overwrite with crypt() protected $overwrite = true; // if true, password change means overwrite with crypt()
public $provider_name = 'crypt'; // not actually used public $provider_name = 'password_hash'; // not actually used
/* /*
* FUNCTIONALITY * FUNCTIONALITY
@ -61,13 +61,17 @@ class AuthCryptPlugin extends AuthenticationPlugin
// crypt understands what the salt part of $user->password is // crypt understands what the salt part of $user->password is
if ($user->password === crypt($password, $user->password)) { if ($user->password === crypt($password, $user->password)) {
// and update password hash entry to password_hash() compatible
if ($this->overwrite && function_exists('password_hash')) {
$this->changePassword($user->nickname, null, $password);
}
return $user; return $user;
} }
// If we check StatusNet hash, for backwards compatibility and migration // If we check StatusNet hash, for backwards compatibility and migration
if ($this->statusnet && $user->password === md5($password . $user->id)) { if ($this->statusnet && $user->password === md5($password . $user->id)) {
// and update password hash entry to crypt() compatible // and update password hash entry to crypt() compatible
if ($this->overwrite) { if ($this->overwrite && function_exists('password_hash')) {
$this->changePassword($user->nickname, null, $password); $this->changePassword($user->nickname, null, $password);
} }
return $user; return $user;
@ -110,8 +114,16 @@ class AuthCryptPlugin extends AuthenticationPlugin
public function hashPassword($password, Profile $profile=null) public function hashPassword($password, Profile $profile=null)
{ {
// A new, unique salt per new record stored... if(function_exists('password_hash')) {
return crypt($password, $this->hash . self::cryptSalt()); // Use the modern password hashing algorithm
// http://php.net/manual/en/function.password-hash.php
// Uses PASSWORD_BCRYPT by default, with PASSWORD_ARGON2I being the next possible default in future versions
return password_hash($password, PASSWORD_DEFAULT);
} else {
// Fallback to previous hashing function if phpversion() < 5.5
// A new, unique salt per new record stored...
return crypt($password, $this->hash . self::cryptSalt());
}
} }
/* /*