@@ -50,47 +50,47 @@ discard block |
||
50 | 50 | } |
51 | 51 | $resultLength = 0; |
52 | 52 | switch ($algo) { |
53 | - case PASSWORD_BCRYPT: |
|
54 | - $cost = PASSWORD_BCRYPT_DEFAULT_COST; |
|
55 | - if (isset($options['cost'])) { |
|
56 | - $cost = (int) $options['cost']; |
|
57 | - if ($cost < 4 || $cost > 31) { |
|
58 | - trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); |
|
59 | - return null; |
|
60 | - } |
|
53 | + case PASSWORD_BCRYPT: |
|
54 | + $cost = PASSWORD_BCRYPT_DEFAULT_COST; |
|
55 | + if (isset($options['cost'])) { |
|
56 | + $cost = (int) $options['cost']; |
|
57 | + if ($cost < 4 || $cost > 31) { |
|
58 | + trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); |
|
59 | + return null; |
|
61 | 60 | } |
62 | - // The length of salt to generate |
|
63 | - $raw_salt_len = 16; |
|
64 | - // The length required in the final serialization |
|
65 | - $required_salt_len = 22; |
|
66 | - $hash_format = sprintf("$2y$%02d$", $cost); |
|
67 | - // The expected length of the final crypt() output |
|
68 | - $resultLength = 60; |
|
69 | - break; |
|
70 | - default: |
|
71 | - trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); |
|
72 | - return null; |
|
61 | + } |
|
62 | + // The length of salt to generate |
|
63 | + $raw_salt_len = 16; |
|
64 | + // The length required in the final serialization |
|
65 | + $required_salt_len = 22; |
|
66 | + $hash_format = sprintf("$2y$%02d$", $cost); |
|
67 | + // The expected length of the final crypt() output |
|
68 | + $resultLength = 60; |
|
69 | + break; |
|
70 | + default: |
|
71 | + trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); |
|
72 | + return null; |
|
73 | 73 | } |
74 | 74 | $salt_req_encoding = false; |
75 | 75 | if (isset($options['salt'])) { |
76 | 76 | switch (gettype($options['salt'])) { |
77 | - case 'NULL': |
|
78 | - case 'boolean': |
|
79 | - case 'integer': |
|
80 | - case 'double': |
|
81 | - case 'string': |
|
77 | + case 'NULL': |
|
78 | + case 'boolean': |
|
79 | + case 'integer': |
|
80 | + case 'double': |
|
81 | + case 'string': |
|
82 | + $salt = (string) $options['salt']; |
|
83 | + break; |
|
84 | + case 'object': |
|
85 | + if (method_exists($options['salt'], '__tostring')) { |
|
82 | 86 | $salt = (string) $options['salt']; |
83 | 87 | break; |
84 | - case 'object': |
|
85 | - if (method_exists($options['salt'], '__tostring')) { |
|
86 | - $salt = (string) $options['salt']; |
|
87 | - break; |
|
88 | - } |
|
89 | - case 'array': |
|
90 | - case 'resource': |
|
91 | - default: |
|
92 | - trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); |
|
93 | - return null; |
|
88 | + } |
|
89 | + case 'array': |
|
90 | + case 'resource': |
|
91 | + default: |
|
92 | + trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); |
|
93 | + return null; |
|
94 | 94 | } |
95 | 95 | if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { |
96 | 96 | trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); |
@@ -212,12 +212,12 @@ discard block |
||
212 | 212 | return true; |
213 | 213 | } |
214 | 214 | switch ($algo) { |
215 | - case PASSWORD_BCRYPT: |
|
216 | - $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; |
|
217 | - if ($cost !== $info['options']['cost']) { |
|
218 | - return true; |
|
219 | - } |
|
220 | - break; |
|
215 | + case PASSWORD_BCRYPT: |
|
216 | + $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; |
|
217 | + if ($cost !== $info['options']['cost']) { |
|
218 | + return true; |
|
219 | + } |
|
220 | + break; |
|
221 | 221 | } |
222 | 222 | return false; |
223 | 223 | } |
@@ -38,14 +38,14 @@ discard block |
||
38 | 38 | return null; |
39 | 39 | } |
40 | 40 | if (is_null($password) || is_int($password)) { |
41 | - $password = (string) $password; |
|
41 | + $password = (string)$password; |
|
42 | 42 | } |
43 | 43 | if (!is_string($password)) { |
44 | 44 | trigger_error("password_hash(): Password must be a string", E_USER_WARNING); |
45 | 45 | return null; |
46 | 46 | } |
47 | 47 | if (!is_int($algo)) { |
48 | - trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); |
|
48 | + trigger_error("password_hash() expects parameter 2 to be long, ".gettype($algo)." given", E_USER_WARNING); |
|
49 | 49 | return null; |
50 | 50 | } |
51 | 51 | $resultLength = 0; |
@@ -53,7 +53,7 @@ discard block |
||
53 | 53 | case PASSWORD_BCRYPT: |
54 | 54 | $cost = PASSWORD_BCRYPT_DEFAULT_COST; |
55 | 55 | if (isset($options['cost'])) { |
56 | - $cost = (int) $options['cost']; |
|
56 | + $cost = (int)$options['cost']; |
|
57 | 57 | if ($cost < 4 || $cost > 31) { |
58 | 58 | trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); |
59 | 59 | return null; |
@@ -79,11 +79,11 @@ discard block |
||
79 | 79 | case 'integer': |
80 | 80 | case 'double': |
81 | 81 | case 'string': |
82 | - $salt = (string) $options['salt']; |
|
82 | + $salt = (string)$options['salt']; |
|
83 | 83 | break; |
84 | 84 | case 'object': |
85 | 85 | if (method_exists($options['salt'], '__tostring')) { |
86 | - $salt = (string) $options['salt']; |
|
86 | + $salt = (string)$options['salt']; |
|
87 | 87 | break; |
88 | 88 | } |
89 | 89 | case 'array': |
@@ -126,13 +126,13 @@ discard block |
||
126 | 126 | if ($read >= $raw_salt_len) { |
127 | 127 | $buffer_valid = true; |
128 | 128 | } |
129 | - $buffer = str_pad($buffer, $raw_salt_len, "\0") ^ str_pad($local_buffer, $raw_salt_len, "\0"); |
|
129 | + $buffer = str_pad($buffer, $raw_salt_len, "\0")^str_pad($local_buffer, $raw_salt_len, "\0"); |
|
130 | 130 | } |
131 | 131 | if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { |
132 | 132 | $buffer_length = PasswordCompat\binary\_strlen($buffer); |
133 | 133 | for ($i = 0; $i < $raw_salt_len; $i++) { |
134 | 134 | if ($i < $buffer_length) { |
135 | - $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); |
|
135 | + $buffer[$i] = $buffer[$i]^chr(mt_rand(0, 255)); |
|
136 | 136 | } else { |
137 | 137 | $buffer .= chr(mt_rand(0, 255)); |
138 | 138 | } |
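Review bot: The fallback at lines 131–138 fills or mixes the salt buffer with `mt_rand()`, which is not a cryptographically secure generator, whenever no earlier source delivered `$raw_salt_len` bytes. A bcrypt salt has to be unique rather than secret, so this is a degraded mode rather than a break, but the code should say so, for example `// last-resort fallback: mt_rand() is not a CSPRNG; acceptable only because salts need uniqueness, not secrecy`. The earlier entropy sources and the start of the function sit above this hunk, so I cannot tell how often this path is reached.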
@@ -153,7 +153,7 @@ discard block |
||
153 | 153 | } |
154 | 154 | $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); |
155 | 155 | |
156 | - $hash = $hash_format . $salt; |
|
156 | + $hash = $hash_format.$salt; |
|
157 | 157 | |
158 | 158 | $ret = crypt($password, $hash); |
159 | 159 | |
@@ -208,12 +208,12 @@ discard block |
||
208 | 208 | */ |
209 | 209 | function password_needs_rehash($hash, $algo, array $options = array()) { |
210 | 210 | $info = password_get_info($hash); |
211 | - if ($info['algo'] !== (int) $algo) { |
|
211 | + if ($info['algo'] !== (int)$algo) { |
|
212 | 212 | return true; |
213 | 213 | } |
214 | 214 | switch ($algo) { |
215 | 215 | case PASSWORD_BCRYPT: |
216 | - $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; |
|
216 | + $cost = isset($options['cost']) ? (int)$options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; |
|
217 | 217 | if ($cost !== $info['options']['cost']) { |
218 | 218 | return true; |
219 | 219 | } |
@@ -242,7 +242,7 @@ discard block |
||
242 | 242 | |
243 | 243 | $status = 0; |
244 | 244 | for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { |
245 | - $status |= (ord($ret[$i]) ^ ord($hash[$i])); |
|
245 | + $status |= (ord($ret[$i])^ord($hash[$i])); |
|
246 | 246 | } |
247 | 247 | |
248 | 248 | return $status === 0; |
@@ -299,7 +299,7 @@ |
||
299 | 299 | * @return boolean the check result |
300 | 300 | */ |
301 | 301 | function check() { |
302 | - static $pass = NULL; |
|
302 | + static $pass = null; |
|
303 | 303 | |
304 | 304 | if (is_null($pass)) { |
305 | 305 | if (function_exists('crypt')) { |
@@ -28,7 +28,7 @@ discard block |
||
28 | 28 | function is_banned_email_addr($email_addr) { |
29 | 29 | global $banned_email_domains; |
30 | 30 | if (isset($banned_email_domains)) { |
31 | - foreach($banned_email_domains as $d) { |
|
31 | + foreach ($banned_email_domains as $d) { |
|
32 | 32 | $x = strstr($email_addr, $d); |
33 | 33 | if ($x == $d) return true; |
34 | 34 | } |
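Review bot: The ban check at lines 32–33 under-matches, because `strstr()` is case-sensitive and returns the tail from the first occurrence of `$d`, and `$x == $d` then requires that tail to equal the entry exactly. An address whose domain differs only in letter case, or that contains the banned string earlier in the address, is not treated as banned. Lower-casing both sides and anchoring to the end would be stricter, e.g. `$x = strrchr(strtolower($email_addr), '@');` followed by `if ($x === '@'.strtolower(ltrim($d, '@'))) return true;`. That assumes the entries of `$banned_email_domains` are bare or `@`-prefixed domains, which this hunk does not show. The function body continues past the hunk.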
@@ -56,7 +56,7 @@ discard block |
||
56 | 56 | // |
57 | 57 | function make_user( |
58 | 58 | $email_addr, $name, $passwd_hash, |
59 | - $country=null, $postal_code=null, $project_prefs=null, $teamid=0 |
|
59 | + $country = null, $postal_code = null, $project_prefs = null, $teamid = 0 |
|
60 | 60 | ) { |
61 | 61 | if (!is_valid_email_addr($email_addr)) return null; |
62 | 62 | if (is_banned_email_addr($email_addr)) return null; |
@@ -69,7 +69,7 @@ discard block |
||
69 | 69 | $email_addr = BoincDb::escape_string($email_addr); |
70 | 70 | $name = sanitize_tags($name); |
71 | 71 | $name = BoincDb::escape_string($name); |
72 | - $database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT); |
|
72 | + $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
|
73 | 73 | $database_passwd_hash = BoincDb::escape_string($database_passwd_hash); |
74 | 74 | |
75 | 75 | $country = BoincDb::escape_string($country); |
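Review bot: The result of `password_hash()` on line 72 is passed straight to `BoincDb::escape_string()` without a failure check, so a failed hash would be stored as an empty `passwd_hash`. The compat implementation shown earlier on this page returns `null` on several error paths. A guard such as `if (!$database_passwd_hash) return null;` directly after line 72 would match the early returns on lines 61–62. The same unchecked call feeds `$user->update()` in the `-45,17`, `-47,15` and `-46,7` hunks, where the value is also interpolated without the `escape_string()` step used here. `make_user` continues outside this hunk.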
@@ -189,7 +189,7 @@ discard block |
||
189 | 189 | show_error(tra("Passwords may only include ASCII characters.")); |
190 | 190 | } |
191 | 191 | |
192 | - if (strlen($passwd)<$min_passwd_length) { |
|
192 | + if (strlen($passwd) < $min_passwd_length) { |
|
193 | 193 | show_error( |
194 | 194 | tra("New password is too short: minimum password length is %1 characters.", $min_passwd_length) |
195 | 195 | ); |
@@ -45,17 +45,17 @@ discard block |
||
45 | 45 | page_tail(); |
46 | 46 | exit; |
47 | 47 | } |
48 | - if (substr($user->authenticator, 0, 1) == 'x'){ |
|
48 | + if (substr($user->authenticator, 0, 1) == 'x') { |
|
49 | 49 | sleep(LOGIN_FAIL_SLEEP_SEC); |
50 | 50 | error_page("This account has been administratively disabled."); |
51 | 51 | } |
52 | 52 | // allow authenticator as password |
53 | - if ($passwd != $user->authenticator ) { |
|
53 | + if ($passwd != $user->authenticator) { |
|
54 | 54 | $passwd_hash = md5($passwd.$email_addr); |
55 | - if ( $passwd_hash == $user->passwd_hash || password_verify($passwd_hash,$user->passwd_hash) ) { |
|
55 | + if ($passwd_hash == $user->passwd_hash || password_verify($passwd_hash, $user->passwd_hash)) { |
|
56 | 56 | // on valid login, rehash password in order to upgrade hash overtime |
57 | 57 | // as the defaults change. Also converts users passwords from md5 if required |
58 | - $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT); |
|
58 | + $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
|
59 | 59 | $result = $user->update( |
60 | 60 | "passwd_hash='$database_passwd_hash'" |
61 | 61 | ); |
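Review bot: The credential checks on line 53 (`$passwd != $user->authenticator`) and line 55 (`$passwd_hash == $user->passwd_hash`) use loose comparison, which is neither type-strict nor constant-time. Under `==`, two strings that both look numeric are compared as numbers, so distinct hex digests can compare equal. On this login path the comparison should be `hash_equals($user->passwd_hash, $passwd_hash)` where PHP 5.6+ is available, or at least `===`. The same loose `!=` against `$user->passwd_hash` appears on lines 50 and 54 of the `-47,15` hunk. The enclosing block starts and ends outside this hunk.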
@@ -113,7 +113,7 @@ discard block |
||
113 | 113 | Please <a href=get_passwd.php>try again</a>. |
114 | 114 | "; |
115 | 115 | page_tail(); |
116 | - } else if (substr($user->authenticator, 0, 1) == 'x'){ |
|
116 | + } else if (substr($user->authenticator, 0, 1) == 'x') { |
|
117 | 117 | sleep(LOGIN_FAIL_SLEEP_SEC); |
118 | 118 | error_page("This account has been administratively disabled."); |
119 | 119 | } else { |
@@ -47,15 +47,15 @@ |
||
47 | 47 | // deal with the case where user hasn't set passwd |
48 | 48 | // (i.e. passwd is account key) |
49 | 49 | // |
50 | - if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) { |
|
50 | + if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) { |
|
51 | 51 | $passwd = $user->authenticator; |
52 | 52 | $passwd_hash = md5($passwd.$user->email_addr); |
53 | 53 | } |
54 | - if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) { |
|
54 | + if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) { |
|
55 | 55 | echo tra("Invalid password."); |
56 | 56 | } else { |
57 | 57 | $passwd_hash = md5($passwd.$email_addr); |
58 | - $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT ); |
|
58 | + $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
|
59 | 59 | $email_addr = BoincDb::escape_string($email_addr); |
60 | 60 | $result = $user->update( |
61 | 61 | "email_addr='$email_addr', passwd_hash='$database_passwd_hash', email_validated=0" |
@@ -46,7 +46,7 @@ |
||
46 | 46 | } |
47 | 47 | |
48 | 48 | $passwd_hash = md5($passwd.$user->email_addr); |
49 | -$database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT); |
|
49 | +$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT); |
|
50 | 50 | $result = $user->update("passwd_hash='$database_passwd_hash'"); |
51 | 51 | if (!$result) { |
52 | 52 | error_page(tra("We can't update your password due to a database problem. Please try again later.")); |