tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #393 from ajoneil/blowfish-encryption

Browse Source 
MINOR: Fix style according to style guidelines, and add a comment about ...
This commit is contained in:
Sean Harvey 2012-05-01 20:01:45 -07:00
commit c8d2a6f27b
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/PasswordEncryptor.php
View File

@ -134,12 +134,18 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
protected static $cost = 10; protected static $cost = 10;
function encrypt($password, $salt = null, $member = null) { function encrypt($password, $salt = null, $member = null) {
// We use $2y$ here instead of $2a$ - in PHP < 5.3.7, passwords
// with non-ascii characters will use a flawed version of the blowfish
// algorithm when specified with $2a$. $2y$ specifies non-flawed version
// in all cases.
// See https://bugs.php.net/bug.php?id=55477&edit=1
$method_and_salt = '$2y$' . $salt; $method_and_salt = '$2y$' . $salt;
$encrypted_password = crypt($password, $method_and_salt); $encrypted_password = crypt($password, $method_and_salt);
// We *never* want to generate blank passwords. If something // We *never* want to generate blank passwords. If something
// goes wrong, throw an exception. // goes wrong, throw an exception.
if(strpos($encrypted_password, $method_and_salt) === false) if(strpos($encrypted_password, $method_and_salt) === false) {
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.'); throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
}
// Remove the method and salt from the password, as the salt // Remove the method and salt from the password, as the salt
// is stored in a separate column. // is stored in a separate column.