-rw-r--r-- | ext/standard/basic_functions.c | 1 | ||||
-rw-r--r-- | ext/standard/password.c | 59 | ||||
-rw-r--r-- | ext/standard/php_password.h | 4 | ||||
-rw-r--r-- | ext/standard/tests/password/password_hash.phpt | 4 | ||||
-rw-r--r-- | ext/standard/tests/password/password_hash_error.phpt | 15 |
5 files changed, 43 insertions, 40 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 5dc86ab097..9e35a5e020 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -3846,7 +3846,6 @@ PHP_MINFO_FUNCTION(basic) /* {{{ */
 php_info_print_table_start();
 BASIC_MINFO_SUBMODULE(dl)
 BASIC_MINFO_SUBMODULE(mail)
- BASIC_MINFO_SUBMODULE(password)
 php_info_print_table_end();
 BASIC_MINFO_SUBMODULE(assert)
 }
diff --git a/ext/standard/password.c b/ext/standard/password.c
index 9c03152426..6de812057f 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -37,8 +37,8 @@
 PHP_MINIT_FUNCTION(password) /* {{{ */
 {
- REGISTER_STRING_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT);
- REGISTER_STRING_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT);
 return SUCCESS;
 }
 /* }}} */
@@ -211,45 +211,44 @@ PHP_FUNCTION(password_make_salt)
 }
 /* }}} */
-/* {{{ proto string password_hash(string password, string algo = PASSWORD_DEFAULT, array options = array())
+/* {{{ proto string password_hash(string password, string algo, array options = array())
 Hash a password */
 PHP_FUNCTION(password_hash)
 {
- char *algo = 0, *hash_format, *hash, *salt, *password, *result;
- int algo_len = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len;
+ char *hash_format, *hash, *salt, *password, *result;
+ int algo = 0, salt_len = 0, required_salt_len = 0, hash_format_len, password_len;
 HashTable *options = 0;
 zval **option_buffer;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sH", &password, &password_len, &algo, &algo_len, &options) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &password, &password_len, &algo, &options) == FAILURE) {
 RETURN_NULL();
 }
- if (algo_len == 0) {
- algo = PHP_PASSWORD_DEFAULT;
- algo_len = strlen(PHP_PASSWORD_DEFAULT);
- }
-
- if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) {
- int cost = PHP_PASSWORD_BCRYPT_COST;
-
- if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) {
- convert_to_long_ex(option_buffer);
- cost = Z_LVAL_PP(option_buffer);
- zval_ptr_dtor(option_buffer);
+ switch (algo) {
+ case PHP_PASSWORD_BCRYPT:
+ {
+ int cost = PHP_PASSWORD_BCRYPT_COST;
+
+ if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) {
+ convert_to_long_ex(option_buffer);
+ cost = Z_LVAL_PP(option_buffer);
+ zval_ptr_dtor(option_buffer);
+ }
+
+ if (cost < 4 || cost > 31) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost);
+ RETURN_NULL();
+ }
+
+ required_salt_len = 22;
+ hash_format = emalloc(8);
+ sprintf(hash_format, "$2y$%02d$", cost);
+ hash_format_len = 7;
 }
-
- if (cost < 4 || cost > 31) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost);
+ break;
+ default:
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %d", algo);
 RETURN_NULL();
- }
-
- required_salt_len = 22;
- hash_format = emalloc(8);
- sprintf(hash_format, "$2y$%02d$", cost);
- hash_format_len = 7;
- } else {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %s", algo);
- RETURN_NULL();
 }
 if (options && zend_symtable_find(options, "salt", 5, (void**) &option_buffer) == SUCCESS) {
diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
index 338665ea2f..57c6b88785 100644
--- a/ext/standard/php_password.h
+++ b/ext/standard/php_password.h
@@ -27,8 +27,8 @@ PHP_FUNCTION(password_make_salt);
 PHP_MINIT_FUNCTION(password);
-#define PHP_PASSWORD_DEFAULT "2y"
-#define PHP_PASSWORD_BCRYPT "2y"
+#define PHP_PASSWORD_DEFAULT 1
+#define PHP_PASSWORD_BCRYPT 1
 #define PHP_PASSWORD_BCRYPT_COST 10
diff --git a/ext/standard/tests/password/password_hash.phpt b/ext/standard/tests/password/password_hash.phpt
index 3b6fc0932c..ff48b29b16 100644
--- a/ext/standard/tests/password/password_hash.phpt
+++ b/ext/standard/tests/password/password_hash.phpt
@@ -4,9 +4,9 @@ Test normal operation of password_hash()
 <?php
 //-=-=-=-
-var_dump(strlen(password_hash("foo")));
+var_dump(strlen(password_hash("foo", PASSWORD_BCRYPT)));
-$hash = password_hash("foo");
+$hash = password_hash("foo", PASSWORD_BCRYPT);
 var_dump($hash == crypt("foo", $hash));
diff --git a/ext/standard/tests/password/password_hash_error.phpt b/ext/standard/tests/password/password_hash_error.phpt
index b82e23edc0..695a6c479a 100644
--- a/ext/standard/tests/password/password_hash_error.phpt
+++ b/ext/standard/tests/password/password_hash_error.phpt
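Review bot: In password_hash() (ext/standard/password.c, hunk at -211), `algo` is declared `int` but is filled by `zend_parse_parameters` with the `l` spec, which stores a `long` through the pointer it receives; on platforms where `long` is wider than `int` (LP64) that write runs past the 4-byte object and can overwrite adjacent stack memory. Declare it separately as `long algo = 0;` and print it with `%ld` in the "Unknown password hashing algorithm" warning. The same narrowing happens at `cost = Z_LVAL_PP(option_buffer);`, where a long is squeezed into `int` before the `cost < 4 || cost > 31` check, so an out-of-range value can land inside the accepted range; keeping `cost` as `long` until after the check avoids that. The body of password_hash() continues past the end of this hunk.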
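Review bot: In ext/standard/php_password.h both identifiers are now the bare literal `1`, so nothing in the header records that PHP_PASSWORD_DEFAULT is an alias for bcrypt rather than an algorithm of its own. Writing `#define PHP_PASSWORD_DEFAULT PHP_PASSWORD_BCRYPT` keeps the two in step and makes a later change of default a one-line edit. A short comment such as `/* algorithm ids start at 1; 0 is never assigned */` would also help, so that a zero or unset value always reaches the `default:` rejection in password_hash().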
@@ -6,11 +6,13 @@ Test error operation of password_hash()
 var_dump(password_hash());
+var_dump(password_hash("foo"));
+
 var_dump(password_hash("foo", array()));
-var_dump(password_hash("foo", "bar", new StdClass));
+var_dump(password_hash("foo", 19, new StdClass));
-var_dump(password_hash("foo", "bar", "baz"));
+var_dump(password_hash("foo", PASSWORD_BCRYPT, "baz"));
 var_dump(password_hash(array(), PASSWORD_BCRYPT));
@@ -18,13 +20,16 @@ var_dump(password_hash("123", PASSWORD_BCRYPT, array("salt" => array())));
 ?>
 --EXPECTF--
-Warning: password_hash() expects at least 1 parameter, 0 given in %s on line %d
+Warning: password_hash() expects at least 2 parameters, 0 given in %s on line %d
+NULL
+
+Warning: password_hash() expects at least 2 parameters, 1 given in %s on line %d
 NULL
-Warning: password_hash() expects parameter 2 to be string, array given in %s on line %d
+Warning: password_hash() expects parameter 2 to be long, array given in %s on line %d
 NULL
-Warning: password_hash(): Unknown password hashing algorithm: bar in %s on line %d
+Warning: password_hash(): Unknown password hashing algorithm: 19 in %s on line %d
 NULL
 Warning: password_hash() expects parameter 3 to be array, string given in %s on line %d |
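Review bot: After this change no error case in password_hash_error.phpt passes a string as parameter 2: the two `"bar"` calls were replaced by `19` and `PASSWORD_BCRYPT`, and the type check is only exercised with `array()`. A string algorithm is the call shape that existed before this commit, so a case such as `var_dump(password_hash("foo", "bar"));` with its expected output (presumably a parameter-type warning and NULL, to be confirmed by running it) would pin how older callers fail. Cases for `0` and a negative value would likewise confirm that only registered identifiers reach the hashing code.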