Issues in Mlf2PasswordHasher.php (develop) - Issues in develop - Schlaefer/Saito - Measure and Improve Code Quality continuously with Scrutinizer

Issues (326)

src/Auth/Mlf2PasswordHasher.php (1 issue)

Labels

Severity

Major 1

<?php

declare(strict_types=1);

/**
 * Saito - The Threaded Web Forum
 *
 * @copyright Copyright (c) the Saito Project Developers
 * @link https://github.com/Schlaefer/Saito
 * @license http://opensource.org/licenses/MIT
 */

namespace App\Auth;

use Authentication\PasswordHasher\AbstractPasswordHasher;
use Cake\Utility\Security;
use Cake\Utility\Text;

/**
 * mylittleforum 2.x salted sha1 passwords.
 */
class Mlf2PasswordHasher extends AbstractPasswordHasher
{
    /**
     * {@inheritDoc}
     */
    public function hash($password)
    {
        // compare to includes/functions.inc.php generate_pw_hash() mlf 2.3
        $salt = self::_generateRandomString(10);
        $saltedHash = sha1($password . $salt);
        $hashWithSalt = $saltedHash . $salt;

        return $hashWithSalt;
    }

    /**
     * Generate random string
     *
     * @param int $maxLength maximum length
     * @return string
     */
    protected static function _generateRandomString($maxLength = null)
    {
        $string = Security::hash(Text::uuid());
        if ($maxLength) {
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
            $string = substr($string, 0, $maxLength);
        }

        return $string;
    }

    /**
     * {@inheritDoc}
     */
    public function check($password, $hash)
    {
        $out = false;
        // compare to includes/functions.inc.php is_pw_correct() mlf 2.3
        $saltedHash = substr($hash, 0, 40);
        $salt = substr($hash, 40, 10);
        if (sha1($password . $salt) == $saltedHash) :
            $out = true;
        endif;

        return $out;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/**
6			* Saito - The Threaded Web Forum
7			*
8			* @copyright Copyright (c) the Saito Project Developers
9			* @link https://github.com/Schlaefer/Saito
10			* @license http://opensource.org/licenses/MIT
11			*/
12
13			namespace App\Auth;
14
15			use Authentication\PasswordHasher\AbstractPasswordHasher;
16			use Cake\Utility\Security;
17			use Cake\Utility\Text;
18
19			/**
20			* mylittleforum 2.x salted sha1 passwords.
21			*/
22			class Mlf2PasswordHasher extends AbstractPasswordHasher
23			{
24			/**
25			* {@inheritDoc}
26			*/
27			public function hash($password)
28			{
29			// compare to includes/functions.inc.php generate_pw_hash() mlf 2.3
30			$salt = self::_generateRandomString(10);
31			$saltedHash = sha1($password . $salt);
32			$hashWithSalt = $saltedHash . $salt;
33
34			return $hashWithSalt;
35			}
36
37			/**
38			* Generate random string
39			*
40			* @param int $maxLength maximum length
41			* @return string
42			*/
43			protected static function _generateRandomString($maxLength = null)
44			{
45			$string = Security::hash(Text::uuid());
46			if ($maxLength) {
			0 ignored issues – show Bug Best Practice introduced 2019-10-31 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$maxLength` of type `integer\|null` is loosely compared to `true`; this is ambiguous if the integer can be 0. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `integer` values, zero is a special case, in particular the following results might be unexpected: 0 == false // true 0 == null // true 123 == false // false 123 == null // false // It is often better to use strict comparison 0 === false // false 0 === null // false Loading history...
47			$string = substr($string, 0, $maxLength);
48			}
49
50			return $string;
51			}
52
53			/**
54			* {@inheritDoc}
55			*/
56			public function check($password, $hash)
57			{
58			$out = false;
59			// compare to includes/functions.inc.php is_pw_correct() mlf 2.3
60			$saltedHash = substr($hash, 0, 40);
61			$salt = substr($hash, 40, 10);
62			if (sha1($password . $salt) == $saltedHash) :
63			$out = true;
64			endif;
65
66			return $out;
67			}
68			}
69

Schlaefer / Saito

Issues (326)

src/Auth/Mlf2PasswordHasher.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like