[CORE] Add timing safe backwards compatible password_verify

Daniel Supernault 2018-03-11 18:55:59 -06:00 committed by Diogo Cordeiro
parent 1049080df5
commit ad51998d67
1 changed files with 7 additions and 0 deletions


@ -52,6 +52,13 @@ class AuthCryptPlugin extends AuthenticationPlugin
return false;
}
// Timing safe password verification on supported PHP versions
if (function_exists('password_verify')) {
if (password_verify($password, $user->password)) {
return $user;
}
}
// crypt understands what the salt part of $user->password is
if ($user->password === crypt($password, $user->password)) {
return $user;
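Review bot: When `password_verify()` exists and rejects the password, execution still falls through to the `$user->password === crypt($password, $user->password)` check below. Every failed login on a modern PHP therefore hashes the password a second time and still runs the non-constant-time `===` comparison this commit is meant to avoid. `password_verify()` already handles crypt()-format hashes, so the legacy comparison looks like it is only needed when the function is missing. It could be guarded as `if (!function_exists('password_verify') && $user->password === crypt($password, $user->password)) {`. The enclosing method starts and ends outside this hunk, so confirm that nothing after the crypt branch relies on it running on modern PHP.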