harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity

auth.php: use php 8.4 cost for bcrypt

Browse Source
This commit is contained in:
Zankaria 2025-04-16 21:18:30 +02:00
parent 93fc8f713b
commit e3fdb8f3fe
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
inc/mod/auth.php
View File

@ -47,7 +47,7 @@ function crypt_password(string $password): array {
// `salt` database field is reused as a version value. We don't want it to be 0. // `salt` database field is reused as a version value. We don't want it to be 0.
$version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1; $version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1;
$pre_hash = \hash('tiger160,3', $password, false); // Note that it's truncated to 72 in the next line. $pre_hash = \hash('tiger160,3', $password, false); // Note that it's truncated to 72 in the next line.
$r = \password_hash($pre_hash, \PASSWORD_BCRYPT); $r = \password_hash($pre_hash, \PASSWORD_BCRYPT, [ 'cost' => 12 ]);
if ($r === false) { if ($r === false) {
throw new \RuntimeException("Could not hash password"); throw new \RuntimeException("Could not hash password");
} }
@ -83,7 +83,7 @@ function login(string $username, string $password): array|false {
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username"); $query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
$query->bindValue(':username', $username); $query->bindValue(':username', $username);
$query->execute() or error(db_error($query)); $query->execute();
if ($user = $query->fetch(PDO::FETCH_ASSOC)) { if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
$ok = test_password($user['password'], $user['version'], $password); $ok = test_password($user['password'], $user['version'], $password);
@ -96,7 +96,7 @@ function login(string $username, string $password): array|false {
$query->bindValue(':password', $user['password']); $query->bindValue(':password', $user['password']);
$query->bindValue(':version', $user['version']); $query->bindValue(':version', $user['version']);
$query->bindValue(':id', $user['id']); $query->bindValue(':id', $user['id']);
$query->execute() or error(db_error($query)); $query->execute();
} }
return $mod = [ return $mod = [