From 1fcc585cd4079a4aa996c0da19753ffa228f0974 Mon Sep 17 00:00:00 2001
From: Andrey Kutejko
Date: Sun, 10 Mar 2019 16:55:18 +0100
Subject: [PATCH] fix checkPassword

---
 ipf/crypto.php | 2 +-
 t/CryptoTest.php | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 t/CryptoTest.php

diff --git a/ipf/crypto.php b/ipf/crypto.php
index 7aed01e..9722b49 100644
--- a/ipf/crypto.php
+++ b/ipf/crypto.php
@@ -30,7 +30,7 @@ class IPF_Crypto
 public static function checkPassword($rawPassword, $hashedPassword)
 {
- if (!$rawPassword || !$hashedPassword)
+ if (!$rawPassword || !$hashedPassword || strpos($hashedPassword, ':') === false)
 return false;
 list($algo, $salt, $hash) = explode(':', $hashedPassword);
 return $hash === $algo($salt . $rawPassword);
diff --git a/t/CryptoTest.php b/t/CryptoTest.php
new file mode 100644
index 0000000..d865881
--- /dev/null
+++ b/t/CryptoTest.php
@@ -0,0 +1,9 @@
+assertFalse(IPF_Crypto::checkPassword('secret', 'badhash'));
+ }
+}
-- 
2.49.0
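Review bot: The added `strpos($hashedPassword, ':') === false` guard in checkPassword only proves that one colon is present, while the next line destructures three fields, so a stored value with a single colon still reaches `list($algo, $salt, $hash)` with a missing element. The final line then invokes `$algo(...)` as a variable function whose name is taken from the stored string, and compares the digests with `===`, which is not a constant-time comparison. I would check the shape and the algorithm together: `$parts = explode(':', $hashedPassword); if (count($parts) < 3) return false;` ahead of the destructuring, and `return in_array($algo, hash_algos(), true) && hash_equals($hash, hash($algo, $salt . $rawPassword));` as the return. That assumes the stored algorithm names are ones `hash()` accepts with the same hex output (true for `sha1` and `md5`); confirm against the code that writes the hash. The closing brace of checkPassword lies outside the hunk.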
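Review bot: The new test, as far as it is visible here, asserts only the colon-free input `'badhash'`, so the other malformed shapes checkPassword can receive are not pinned. I would add a case with a single separator, e.g. `$this->assertFalse(IPF_Crypto::checkPassword('secret', 'sha1:salt'));` (constructed sample), and one with an algorithm name that is not a hash function. A positive case built from a hash the class itself produces would also keep a later tightening of the parser from silently rejecting valid logins.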