mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 22:10:55 +01:00
Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Summary: PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash() instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP or HHVM. This constant breaks Username / Password authentication. Test Plan: Login using Username/Password with bcrypt hash. Before applying the patch, No matter what password entered, it will always fail authentication. After this patch, user should be able to login with bcrypt hash. Reviewers: btrahan, epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: epriestley, Korvin Differential Revision: https://secure.phabricator.com/D8808
This commit is contained in:
parent
35df988036
commit
ba956711a5
1 changed files with 1 additions and 1 deletions
|
@ -38,7 +38,7 @@ final class PhabricatorBcryptPasswordHasher
|
||||||
'cost' => $this->getBcryptCost(),
|
'cost' => $this->getBcryptCost(),
|
||||||
);
|
);
|
||||||
|
|
||||||
$raw_hash = password_hash($raw_input, CRYPT_BLOWFISH, $options);
|
$raw_hash = password_hash($raw_input, PASSWORD_BCRYPT, $options);
|
||||||
|
|
||||||
return new PhutilOpaqueEnvelope($raw_hash);
|
return new PhutilOpaqueEnvelope($raw_hash);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue