diff options
| author | Greg Roach <fisharebest@gmail.com> | 2016-12-24 11:51:25 +0000 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2016-12-24 11:51:25 +0000 |
| commit | 015c99a27bc294c090397a70f40eb92112b22bf7 (patch) | |
| tree | e22fd03d1ae465fe180662cc19fa3092b4fde55d /app/User.php | |
| parent | 2118c0e3314864fd87a9f7e14cf8615480d51d10 (diff) | |
| download | webtrees-015c99a27bc294c090397a70f40eb92112b22bf7.tar.gz webtrees-015c99a27bc294c090397a70f40eb92112b22bf7.tar.bz2 webtrees-015c99a27bc294c090397a70f40eb92112b22bf7.zip | |
Remove PHP 5.3 workaround
Diffstat (limited to 'app/User.php')
| -rw-r--r-- | app/User.php | 63 |
1 files changed, 8 insertions, 55 deletions
diff --git a/app/User.php b/app/User.php index c8d9d53801..76415f7aca 100644 --- a/app/User.php +++ b/app/User.php @@ -164,7 +164,7 @@ class User { 'user_name' => $user_name, 'real_name' => $real_name, 'email' => $email, - 'password' => self::passwordHash($password), + 'password' => password_hash($password, PASSWORD_DEFAULT), ]); // Set default blocks for this user @@ -318,8 +318,8 @@ class User { "SELECT password FROM `##user` WHERE user_id = ?" )->execute([$this->user_id])->fetchOne(); - if ($this->passwordVerify($password, $password_hash)) { - if ($this->passwordNeedsRehash($password_hash)) { + if (password_verify($password, $password_hash)) { + if (password_needs_rehash($password_hash, PASSWORD_DEFAULT)) { $this->setPassword($password); } @@ -437,8 +437,11 @@ class User { */ public function setPassword($password) { Database::prepare( - "UPDATE `##user` SET password = ? WHERE user_id = ?" - )->execute([$this->passwordHash($password), $this->user_id]); + "UPDATE `##user` SET password = :password WHERE user_id = :user_id" + )->execute([ + 'password' => password_hash($password, PASSWORD_DEFAULT), + 'user_id' => $this->user_id, + ]); return $this; } @@ -507,54 +510,4 @@ class User { return $this; } - - /** - * The ircmaxell/password_compat implementation of the password_hash() function - * relies on an encryption library which is not secure in PHP < 5.3.7 - * - * @return bool - */ - private static function isPhpCryptBroken() { - return PHP_VERSION_ID < 50307 && password_hash('foo', PASSWORD_DEFAULT) === false; - } - - /** - * @param string $password - * - * @return string - */ - private static function passwordHash($password) { - if (self::isPhpCryptBroken()) { - return crypt($password); - } else { - return password_hash($password, PASSWORD_DEFAULT); - } - } - - /** - * @param string $hash - * - * @return bool - */ - private static function passwordNeedsRehash($hash) { - if (self::isPhpCryptBroken()) { - return false; - } else { - return password_needs_rehash($hash, PASSWORD_DEFAULT); - } - } - - /** - * @param string $password - * @param string $hash - * - * @return bool - */ - private static function passwordVerify($password, $hash) { - if (self::isPhpCryptBroken()) { - return crypt($password, $hash) === $hash; - } else { - return password_verify($password, $hash); - } - } } |
