fix checkPassword

author Andrey Kutejko <andy128k@gmail.com>

Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)

committer Andrey Kutejko <andy128k@gmail.com>

Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)
author Andrey Kutejko <andy128k@gmail.com>
Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)
committer Andrey Kutejko <andy128k@gmail.com>
Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)
diff --git a/ipf/crypto.php b/ipf/crypto.php

index 7aed01ea57dbcc5f0008e4e1e2581ec0be5592af..9722b49591e38fccd97238428bce645e5fe22703 100644 (file)
--- a/ipf/crypto.php
+++ b/ipf/crypto.php
@@ -30,7 +30,7 @@ class IPF_Crypto
  
      public static function checkPassword($rawPassword, $hashedPassword)
      {
-        if (!$rawPassword || !$hashedPassword)
+        if (!$rawPassword || !$hashedPassword || strpos($hashedPassword, ':') === false)
              return false;
          list($algo, $salt, $hash) = explode(':', $hashedPassword);
          return $hash === $algo($salt . $rawPassword);
diff --git a/t/CryptoTest.php b/t/CryptoTest.php

new file mode 100644 (file)

index 0000000..d865881
--- /dev/null
+++ b/t/CryptoTest.php
@@ -0,0 +1,9 @@
+<?php
+
+class Crypto_Test extends PHPUnit_Framework_TestCase
+{
+    public function testRecording()
+    {
+        $this->assertFalse(IPF_Crypto::checkPassword('secret', 'badhash'));
+    }
+}
author	Andrey Kutejko <andy128k@gmail.com>
	Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)
committer	Andrey Kutejko <andy128k@gmail.com>
	Sun, 10 Mar 2019 15:55:18 +0000 (16:55 +0100)
ipf/crypto.php		patch \| blob \| history
t/CryptoTest.php	[new file with mode: 0644]	patch \| blob