recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.

Summary:
PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash()
instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP
or HHVM. This constant breaks Username / Password authentication.

Test Plan:
Login using Username/Password with bcrypt hash. Before applying the patch,
No matter what password entered, it will always fail authentication. After this
patch, user should be able to login with bcrypt hash.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8808

authored by

Wenyu Zhang and committed by
epriestley ba956711 35df9880

+1 -1
+1 -1
src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php
··· 38 38 'cost' => $this->getBcryptCost(), 39 39 ); 40 40 41 - $raw_hash = password_hash($raw_input, CRYPT_BLOWFISH, $options); 41 + $raw_hash = password_hash($raw_input, PASSWORD_BCRYPT, $options); 42 42 43 43 return new PhutilOpaqueEnvelope($raw_hash); 44 44 }