From ba956711a56be7d9f616b6497346448e8c38afbb Mon Sep 17 00:00:00 2001
From: Wenyu Zhang
Date: Fri, 18 Apr 2014 13:38:36 -0700
Subject: [PATCH] Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Summary: PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash() instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP or HHVM. This constant breaks Username / Password authentication.
Test Plan: Login using Username/Password with bcrypt hash. Before applying the patch, No matter what password entered, it will always fail authentication. After this patch, user should be able to login with bcrypt hash.
Reviewers: btrahan, epriestley, #blessed_reviewers
Reviewed By: epriestley, #blessed_reviewers
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D8808
---
 .../util/password/PhabricatorBcryptPasswordHasher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php b/src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php
index fc2bf7a523..cc8dacfc80 100644
--- a/src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php
+++ b/src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php
@@ -38,7 +38,7 @@ final class PhabricatorBcryptPasswordHasher
 'cost' => $this->getBcryptCost(),
 );
- $raw_hash = password_hash($raw_input, CRYPT_BLOWFISH, $options);
+ $raw_hash = password_hash($raw_input, PASSWORD_BCRYPT, $options);
 return new PhutilOpaqueEnvelope($raw_hash);
 }
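Review bot: The return value of `password_hash()` on the changed line is still wrapped in `PhutilOpaqueEnvelope` without being checked. That is why the wrong constant surfaced only as "authentication always fails" rather than as an error at hashing time. On the PHP versions this patch targets, a failed call appears to emit a warning and return a non-string (false or null) instead of throwing, so a bad algorithm or an out-of-range `cost` would again produce an unusable stored credential silently. I would add a guard right after the call, for example `if (!is_string($raw_hash) || $raw_hash === '') { throw new Exception('password_hash() failed to produce a bcrypt hash.'); }`. The enclosing method begins outside this hunk, so how `$raw_input` is derived is not visible here. Since bcrypt ignores input past 72 bytes, it is worth confirming the caller passes a bounded digest rather than the raw password.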