Conditions | 36 |
Paths | 361 |
Total Lines | 136 |
Code Lines | 98 |
Lines | 0 |
Ratio | 0 % |
Changes | 2 | ||
Bugs | 1 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
1 | <?php |
||
118 | function password_hash($password, $algo, array $options = array()) |
||
119 | { |
||
120 | if (!function_exists('crypt')) { |
||
121 | trigger_error( |
||
122 | 'Crypt must be loaded for password_hash to function', |
||
123 | E_USER_WARNING |
||
124 | ); |
||
125 | return; |
||
126 | } |
||
127 | if (!is_string($password)) { |
||
128 | trigger_error( |
||
129 | 'password_hash(): Password must be a string', |
||
130 | E_USER_WARNING |
||
131 | ); |
||
132 | return; |
||
133 | } |
||
134 | if (!is_int($algo)) { |
||
135 | trigger_error( |
||
136 | 'password_hash() expects parameter 2 to be long, '.gettype($algo).' given', |
||
137 | E_USER_WARNING |
||
138 | ); |
||
139 | return; |
||
140 | } |
||
141 | switch ($algo) { |
||
142 | case PASSWORD_BCRYPT: |
||
143 | // Note that this is a C constant, but not exposed to PHP, so we don't define it here. |
||
144 | $cost = 10; |
||
145 | if (isset($options['cost'])) { |
||
146 | $cost = $options['cost']; |
||
147 | if ($cost < 4 || $cost > 31) { |
||
148 | trigger_error( |
||
149 | sprintf('password_hash(): Invalid bcrypt cost parameter specified: %d', $cost), |
||
150 | E_USER_WARNING |
||
151 | ); |
||
152 | return; |
||
153 | } |
||
154 | } |
||
155 | $required_salt_len = 22; |
||
156 | $hash_format = sprintf('$2y$%02d$', $cost); |
||
157 | break; |
||
158 | default: |
||
159 | trigger_error( |
||
160 | sprintf('password_hash(): Unknown password hashing algorithm: %s', $algo), |
||
161 | E_USER_WARNING |
||
162 | ); |
||
163 | return; |
||
164 | } |
||
165 | if (isset($options['salt'])) { |
||
166 | switch (gettype($options['salt'])) { |
||
167 | case 'NULL': |
||
168 | case 'boolean': |
||
169 | case 'integer': |
||
170 | case 'double': |
||
171 | case 'string': |
||
172 | $salt = (string) $options['salt']; |
||
173 | break; |
||
174 | case 'object': |
||
175 | if (method_exists($options['salt'], '__tostring')) { |
||
176 | $salt = (string) $options['salt']; |
||
177 | break; |
||
178 | } |
||
179 | // no-break |
||
180 | case 'array': |
||
181 | case 'resource': |
||
182 | default: |
||
183 | trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); |
||
184 | |||
185 | return; |
||
186 | } |
||
187 | if (strlen($salt) < $required_salt_len) { |
||
188 | trigger_error( |
||
189 | sprintf( |
||
190 | 'password_hash(): Provided salt is too short: %d expecting %d', |
||
191 | strlen($salt), |
||
192 | $required_salt_len |
||
193 | ), |
||
194 | E_USER_WARNING |
||
195 | ); |
||
196 | return; |
||
197 | } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { |
||
198 | $salt = str_replace('+', '.', base64_encode($salt)); |
||
199 | } |
||
200 | } else { |
||
201 | $buffer = ''; |
||
202 | $raw_length = (int) ($required_salt_len * 3 / 4 + 1); |
||
203 | $buffer_valid = false; |
||
204 | if (function_exists('mcrypt_create_iv')) { |
||
205 | $buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM); |
||
206 | if ($buffer) { |
||
207 | $buffer_valid = true; |
||
208 | } |
||
209 | } |
||
210 | if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { |
||
211 | $buffer = openssl_random_pseudo_bytes($raw_length); |
||
212 | if ($buffer) { |
||
213 | $buffer_valid = true; |
||
214 | } |
||
215 | } |
||
216 | if (!$buffer_valid && file_exists('/dev/urandom')) { |
||
217 | $f = @fopen('/dev/urandom', 'r'); |
||
218 | if ($f) { |
||
219 | $read = strlen($buffer); |
||
220 | while ($read < $raw_length) { |
||
221 | $buffer .= fread($f, $raw_length - $read); |
||
222 | $read = strlen($buffer); |
||
223 | } |
||
224 | fclose($f); |
||
225 | if ($read >= $raw_length) { |
||
226 | $buffer_valid = true; |
||
227 | } |
||
228 | } |
||
229 | } |
||
230 | if (!$buffer_valid || strlen($buffer) < $raw_length) { |
||
231 | $bl = strlen($buffer); |
||
232 | for ($i = 0; $i < $raw_length; ++$i) { |
||
233 | if ($i < $bl) { |
||
234 | $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); |
||
235 | } else { |
||
236 | $buffer .= chr(mt_rand(0, 255)); |
||
237 | } |
||
238 | } |
||
239 | } |
||
240 | $salt = str_replace('+', '.', base64_encode($buffer)); |
||
241 | } |
||
242 | $salt = substr($salt, 0, $required_salt_len); |
||
243 | |||
244 | $hash = $hash_format.$salt; |
||
245 | |||
246 | $ret = crypt($password, $hash); |
||
247 | |||
248 | if (!is_string($ret) || strlen($ret) <= 13) { |
||
249 | return false; |
||
250 | } |
||
251 | |||
252 | return $ret; |
||
253 | } |
||
254 | |||
345 |