[CORE] Add timing safe backwards compatible password_verify
This commit is contained in:
parent
1049080df5
commit
ad51998d67
@ -52,6 +52,13 @@ class AuthCryptPlugin extends AuthenticationPlugin
|
||||
return false;
|
||||
}
|
||||
|
||||
// Timing safe password verification on supported PHP versions
|
||||
if (function_exists('password_verify')) {
|
||||
if (password_verify($password, $user->password)) {
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
// crypt understands what the salt part of $user->password is
|
||||
if ($user->password === crypt($password, $user->password)) {
|
||||
return $user;
|
||||
|
Loading…
Reference in New Issue
Block a user