author | Anthony Ferrara <ircmaxell@gmail.com> | 2012-09-13 10:08:48 -0400 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@gmail.com> | 2012-09-13 10:08:48 -0400 |
commit | 34a3428866feb0b47dcaddbd59c389fdcae36d10 (patch) | |
tree | a46bdaf4a8486f72aa48df465640033ae59e2fd6 | |
parent | f0e8bd1f6a9e0ab788361902505dad1e5ffadfd4 (diff) | |
Add checks for <= 5.3.7, add checks for bad DES fallback hashes
-rw-r--r-- | lib/password.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/password.php b/lib/password.php
index 4303b2c..2d913a6 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -1,5 +1,11 @@
 <?php
+if (version_compare(PHP_VERSION, '5.3.7', '<')) {
+ trigger_error("The Password Compatibility Library requires PHP >= 5.3.7", E_USER_WARNING);
+ // Prevent defining the functions
+ return;
+}
+
 defined('PASSWORD_BCRYPT') or define('PASSWORD_BCRYPT', 1);
 defined('PASSWORD_DEFAULT') or define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
@@ -80,7 +86,7 @@ if (!function_exists('password_hash')) {
 $ret = crypt($password, $hash);
- if (!is_string($ret) || strlen($ret) < 13) {
+ if (!is_string($ret) || strlen($ret) <= 13) {
 return false;
 }
@@ -165,7 +171,7 @@ if (!function_exists('password_verify')) {
 return false;
 }
 $ret = crypt($password, $hash);
- if (!is_string($ret) || strlen($ret) != strlen($hash)) {
+ if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
 return false;
 }
|
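Review bot: The new guard at the top of lib/password.php keys on the version string alone and does not record why 5.3.7 is the floor; a comment such as `// crypt() before 5.3.7 does not provide the corrected $2y$ bcrypt prefix this library depends on` would stop a later maintainer from relaxing it. A version number is only a proxy for how crypt() actually behaves, since a build may carry backported or missing fixes, so a functional self-test of crypt() against a known bcrypt input would be a more reliable gate than `version_compare` and is worth a follow-up. Returning before the functions are defined fails closed, which is the right direction, but with warnings hidden the first visible symptom will be an undefined-function error at the call site, so the requirement should also be stated in the install documentation.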
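Review bot: The bare `13` in `strlen($ret) <= 13` is unexplained, both here in password_hash and again in the password_verify hunk. Going by the commit message it is the length of a traditional DES crypt() result, which is what comes back when the requested bcrypt salt is not honoured. A comment on both checks, for example `// 13 = length of a DES crypt() hash; output this short means crypt() fell back or failed`, would make the intent reviewable. The test is only a lower bound, so any longer unexpected output still passes. If the enclosing function only ever requests bcrypt (its body starts and ends outside this hunk, so this is inferred), comparing `strlen($ret)` against the exact expected hash length for that algorithm would be stricter.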