From e3fdb8f3fed89afbe65b0ca4574f52e300170f0d Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Wed, 16 Apr 2025 21:18:30 +0200
Subject: [PATCH] auth.php: use php 8.4 cost for bcrypt
---
 inc/mod/auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 4e5d27a5..69256e03 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -47,7 +47,7 @@ function crypt_password(string $password): array {
 // `salt` database field is reused as a version value. We don't want it to be 0.
 $version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1;
 $pre_hash = \hash('tiger160,3', $password, false); // Note that it's truncated to 72 in the next line.
- $r = \password_hash($pre_hash, \PASSWORD_BCRYPT);
+ $r = \password_hash($pre_hash, \PASSWORD_BCRYPT, [ 'cost' => 12 ]);
 if ($r === false) {
 throw new \RuntimeException("Could not hash password");
 }
@@ -83,7 +83,7 @@ function login(string $username, string $password): array|false {
 $query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
 $query->bindValue(':username', $username);
- $query->execute() or error(db_error($query));
+ $query->execute();
 if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
 $ok = test_password($user['password'], $user['version'], $password);
@@ -96,7 +96,7 @@ function login(string $username, string $password): array|false {
 $query->bindValue(':password', $user['password']);
 $query->bindValue(':version', $user['version']);
 $query->bindValue(':id', $user['id']);
- $query->execute() or error(db_error($query));
+ $query->execute();
 }
 return $mod = [
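Review bot: The new `[ 'cost' => 12 ]` in `crypt_password` is a bare literal with no comment and no single source of truth, so the verification side cannot tell which cost is current. Hashes already stored at the previous default keep their old work factor unless the login path asks `\password_needs_rehash($hash, \PASSWORD_BCRYPT, [ 'cost' => 12 ])`; `test_password` is not visible in this patch, so that should be confirmed. I would lift the value into one constant or config entry used by both sides and add a comment such as `// bcrypt cost 12 matches the PHP 8.4 default; a change only affects hashes created or rehashed afterwards`. The body of `crypt_password` starts above this hunk.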
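Review bot: Both `$query->execute();` calls in `login` (this hunk and the `@@ -96,7 +96,7 @@` hunk) now discard the return value, and the commit message, which only mentions the bcrypt cost, does not explain why. If the statement returned by `prepare()` does not throw on failure (its error mode is not visible here), a failed SELECT falls through to `fetch()` and presumably looks like a wrong password. A failed execute in the later hunk, which appears to be the hash-upgrade UPDATE, would go unnoticed as well. Either state in the commit message that the connection runs in exception mode, or keep an explicit check such as `if (!$query->execute()) { error(db_error($query)); }`. `login` starts and ends outside both hunks.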