Inspection of "WIP: Move to stronger password hash" - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#2401)

by Kevin

created 2018-03-09 21:08 UTC

Status

Spacing +2 added lines, -2 removed lines patch added patch discarded remove patch

@@ -39,7 +39,7 @@  discard block
 block discarded – undo
     xml_error(ERR_ACCT_CREATION_DISABLED);
 }
 
-if(defined('INVITE_CODES')) {
+if (defined('INVITE_CODES')) {
     $invite_code = get_str("invite_code");
     if (!preg_match(INVITE_CODES, $invite_code)) {
         xml_error(ERR_ATTACH_FAIL_INIT);
@@ -70,7 +70,7 @@  discard block
 block discarded – undo
 
 $user = BoincUser::lookup_email_addr($email_addr);
 if ($user) {
-    if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+    if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
         xml_error(ERR_DB_NOT_UNIQUE);
     } else {
         $authenticator = $user->authenticator;

Please login to merge, or discard this patch.

html/user/lookup_account.php 1 patch

Spacing +9 added lines, -9 removed lines patch added patch discarded remove patch

@@ -25,8 +25,8 @@  discard block
 block discarded – undo
 require_once("../inc/ldap.inc");
 require_once("../inc/password.php");
 
-function do_passwd_rehash($user,$passwd_hash) {
-    $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
+function do_passwd_rehash($user, $passwd_hash) {
+    $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
     $result = $user->update(
         "passwd_hash='$database_passwd_hash'"
     );
@@ -80,21 +80,21 @@  discard block
 block discarded – undo
     // if no password set, set password to account key
     //
     if (!strlen($user->passwd_hash)) {
-        $user->passwd_hash = password_hash($auth_hash , PASSWORD_DEFAULT);
+        $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
         $user->update("passwd_hash='$user->passwd_hash'");
     }
     
-    if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+    if (password_verify($passwd_hash, $user->passwd_hash)) {
         // on valid login, rehash password if necessary to upgrade hash overtime
         // as the defaults change. 
-        if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
-            do_passwd_rehash($user,$passwd_hash);
+        if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+            do_passwd_rehash($user, $passwd_hash);
         }
-    } else if ( $passwd_hash == $user->passwd_hash ) {
+    } else if ($passwd_hash == $user->passwd_hash) {
         // if password is the legacy md5 hash, then rehash to update to
         // a more secure hash
-        do_passwd_rehash($user,$passwd_hash);
-    } else if ( $auth_hash == $passwd_hash ) {
+        do_passwd_rehash($user, $passwd_hash);
+    } else if ($auth_hash == $passwd_hash) {
         // if the passed hash matches the auth hash, then allow it
     } else {
         // if none of the above match, the password is invalid

Please login to merge, or discard this patch.

		@@ -25,8 +25,8 @@ discard block
		block discarded – undo
25	25	require_once("../inc/ldap.inc");
26	26	require_once("../inc/password.php");
27	27
28		-function do_passwd_rehash($user,$passwd_hash) {
29		- $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
	28	+function do_passwd_rehash($user, $passwd_hash) {
	29	+ $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
30	30	$result = $user->update(
31	31	"passwd_hash='$database_passwd_hash'"
32	32	);
		@@ -80,21 +80,21 @@ discard block
		block discarded – undo
80	80	// if no password set, set password to account key
81	81	//
82	82	if (!strlen($user->passwd_hash)) {
83		- $user->passwd_hash = password_hash($auth_hash , PASSWORD_DEFAULT);
	83	+ $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
84	84	$user->update("passwd_hash='$user->passwd_hash'");
85	85	}
86	86
87		- if ( password_verify($passwd_hash,$user->passwd_hash) ) {
	87	+ if (password_verify($passwd_hash, $user->passwd_hash)) {
88	88	// on valid login, rehash password if necessary to upgrade hash overtime
89	89	// as the defaults change.
90		- if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
91		- do_passwd_rehash($user,$passwd_hash);
	90	+ if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
	91	+ do_passwd_rehash($user, $passwd_hash);
92	92	}
93		- } else if ( $passwd_hash == $user->passwd_hash ) {
	93	+ } else if ($passwd_hash == $user->passwd_hash) {
94	94	// if password is the legacy md5 hash, then rehash to update to
95	95	// a more secure hash
96		- do_passwd_rehash($user,$passwd_hash);
97		- } else if ( $auth_hash == $passwd_hash ) {
	96	+ do_passwd_rehash($user, $passwd_hash);
	97	+ } else if ($auth_hash == $passwd_hash) {
98	98	// if the passed hash matches the auth hash, then allow it
99	99	} else {
100	100	// if none of the above match, the password is invalid

		@@ -39,7 +39,7 @@ discard block
		block discarded – undo
39	39	xml_error(ERR_ACCT_CREATION_DISABLED);
40	40	}
41	41
42		-if(defined('INVITE_CODES')) {
	42	+if (defined('INVITE_CODES')) {
43	43	$invite_code = get_str("invite_code");
44	44	if (!preg_match(INVITE_CODES, $invite_code)) {
45	45	xml_error(ERR_ATTACH_FAIL_INIT);
		@@ -70,7 +70,7 @@ discard block
		block discarded – undo
70	70
71	71	$user = BoincUser::lookup_email_addr($email_addr);
72	72	if ($user) {
73		- if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
	73	+ if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
74	74	xml_error(ERR_DB_NOT_UNIQUE);
75	75	} else {
76	76	$authenticator = $user->authenticator;

BOINC / boinc

Pull Request — master (#2401)

Status

Category

Spacing +2 added lines, -2 removed lines patch added patch discarded remove patch

Spacing +9 added lines, -9 removed lines patch added patch discarded remove patch