summaryrefslogtreecommitdiff
path: root/app/User.php
diff options
context:
space:
mode:
authorGreg Roach <fisharebest@gmail.com>2016-12-24 11:51:25 +0000
committerGreg Roach <fisharebest@gmail.com>2016-12-24 11:51:25 +0000
commit015c99a27bc294c090397a70f40eb92112b22bf7 (patch)
treee22fd03d1ae465fe180662cc19fa3092b4fde55d /app/User.php
parent2118c0e3314864fd87a9f7e14cf8615480d51d10 (diff)
downloadwebtrees-015c99a27bc294c090397a70f40eb92112b22bf7.tar.gz
webtrees-015c99a27bc294c090397a70f40eb92112b22bf7.tar.bz2
webtrees-015c99a27bc294c090397a70f40eb92112b22bf7.zip
Remove PHP 5.3 workaround
Diffstat (limited to 'app/User.php')
-rw-r--r--app/User.php63
1 files changed, 8 insertions, 55 deletions
diff --git a/app/User.php b/app/User.php
index c8d9d53801..76415f7aca 100644
--- a/app/User.php
+++ b/app/User.php
@@ -164,7 +164,7 @@ class User {
'user_name' => $user_name,
'real_name' => $real_name,
'email' => $email,
- 'password' => self::passwordHash($password),
+ 'password' => password_hash($password, PASSWORD_DEFAULT),
]);
// Set default blocks for this user
@@ -318,8 +318,8 @@ class User {
"SELECT password FROM `##user` WHERE user_id = ?"
)->execute([$this->user_id])->fetchOne();
- if ($this->passwordVerify($password, $password_hash)) {
- if ($this->passwordNeedsRehash($password_hash)) {
+ if (password_verify($password, $password_hash)) {
+ if (password_needs_rehash($password_hash, PASSWORD_DEFAULT)) {
$this->setPassword($password);
}
@@ -437,8 +437,11 @@ class User {
*/
public function setPassword($password) {
Database::prepare(
- "UPDATE `##user` SET password = ? WHERE user_id = ?"
- )->execute([$this->passwordHash($password), $this->user_id]);
+ "UPDATE `##user` SET password = :password WHERE user_id = :user_id"
+ )->execute([
+ 'password' => password_hash($password, PASSWORD_DEFAULT),
+ 'user_id' => $this->user_id,
+ ]);
return $this;
}
@@ -507,54 +510,4 @@ class User {
return $this;
}
-
- /**
- * The ircmaxell/password_compat implementation of the password_hash() function
- * relies on an encryption library which is not secure in PHP < 5.3.7
- *
- * @return bool
- */
- private static function isPhpCryptBroken() {
- return PHP_VERSION_ID < 50307 && password_hash('foo', PASSWORD_DEFAULT) === false;
- }
-
- /**
- * @param string $password
- *
- * @return string
- */
- private static function passwordHash($password) {
- if (self::isPhpCryptBroken()) {
- return crypt($password);
- } else {
- return password_hash($password, PASSWORD_DEFAULT);
- }
- }
-
- /**
- * @param string $hash
- *
- * @return bool
- */
- private static function passwordNeedsRehash($hash) {
- if (self::isPhpCryptBroken()) {
- return false;
- } else {
- return password_needs_rehash($hash, PASSWORD_DEFAULT);
- }
- }
-
- /**
- * @param string $password
- * @param string $hash
- *
- * @return bool
- */
- private static function passwordVerify($password, $hash) {
- if (self::isPhpCryptBroken()) {
- return crypt($password, $hash) === $hash;
- } else {
- return password_verify($password, $hash);
- }
- }
}