From: Andrey Kutejko <andy128k@gmail.com>
Date: Sun, 10 Mar 2019 15:55:18 +0000 (+0100)
Subject: fix checkPassword
X-Git-Tag: 0.6~2
X-Git-Url: https://git.andy128k.dev/?a=commitdiff_plain;h=1fcc585cd4079a4aa996c0da19753ffa228f0974;p=ipf.git

fix checkPassword
---

diff --git a/ipf/crypto.php b/ipf/crypto.php
index 7aed01e..9722b49 100644
--- a/ipf/crypto.php
+++ b/ipf/crypto.php
@@ -30,7 +30,7 @@ class IPF_Crypto
 
     public static function checkPassword($rawPassword, $hashedPassword)
     {
-        if (!$rawPassword || !$hashedPassword)
+        if (!$rawPassword || !$hashedPassword || strpos($hashedPassword, ':') === false)
             return false;
         list($algo, $salt, $hash) = explode(':', $hashedPassword);
         return $hash === $algo($salt . $rawPassword);
diff --git a/t/CryptoTest.php b/t/CryptoTest.php
new file mode 100644
index 0000000..d865881
--- /dev/null
+++ b/t/CryptoTest.php
@@ -0,0 +1,9 @@
+<?php
+
+class Crypto_Test extends PHPUnit_Framework_TestCase
+{
+    public function testRecording()
+    {
+        $this->assertFalse(IPF_Crypto::checkPassword('secret', 'badhash'));
+    }
+}