Use password_hash() and friends to hash and verify passwords - ratatoeskr-cms - Ratatöskr is a flexible Content Management System / Blogging Software for PHP 5.3.

diff options

author	Laria Carolin Chabowski <laria@laria.me>	2020-09-25 23:09:31 +0200
committer	Laria Carolin Chabowski <laria@laria.me>	2020-09-25 23:09:31 +0200
commit	5e347e4efaa81c2108256dc927208cd55dc10baa (patch)
tree	fccd9fea24e436ea2f3fa073475b2b665a4c31cf /ratatoeskr/libs/INFO
parent	854fef47192b45517d112e630fe2afa830432253 (diff)
download	ratatoeskr-cms-5e347e4efaa81c2108256dc927208cd55dc10baa.tar.gz ratatoeskr-cms-5e347e4efaa81c2108256dc927208cd55dc10baa.tar.bz2 ratatoeskr-cms-5e347e4efaa81c2108256dc927208cd55dc10baa.zip

Use password_hash() and friends to hash and verify passwords

Previously I rolled my own password hashing function. While it at least used some sort of salt, it's still a terrible idea. The newly created class PasswordHash wraps the password_hash() family of functions but can also check the old password hash format (to distinguish them, the new password hashes are prefixed with a '!'). In PasswordHash::needsRehash we then always report an hash of the old format as being in need of a rehash. That way, these old hashes will be replaced the next time the user successfully logs in.

Diffstat (limited to 'ratatoeskr/libs/INFO')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: