
Omit fallback logic for password cost

We can ensure the value must be present through good update docs and
possibly automated checks in the update script.
franzliedke committed Jan 3, 2019
1 parent bda4395 commit e1399ca82dd137eb49e8c0318c7f6839b34fc69a
Showing with 2 additions and 11 deletions.
  1. +2 −11 include/functions.php
@@ -1101,11 +1101,7 @@ function flux_password_hash($pass)
{
global $password_hash_cost;
$cost = $password_hash_cost;
if (empty($cost))
$cost = 10;
return password_hash($pass, PASSWORD_DEFAULT, array('cost' => $cost));
return password_hash($pass, PASSWORD_DEFAULT, array('cost' => $password_hash_cost));
}
@@ -1141,17 +1137,12 @@ function flux_password_needs_rehash($hash)
{
global $password_hash_cost;
// Determine appropriate cost
$cost = $password_hash_cost;
if (empty($cost))
$cost = 10;
// Check for legacy md5 or sha1 hash
if (strlen($hash) <= 40)
return true;
// Check for out-of-date hash type or cost
return password_needs_rehash($hash, PASSWORD_DEFAULT, array('cost' => $cost));
return password_needs_rehash($hash, PASSWORD_DEFAULT, array('cost' => $password_hash_cost));
}
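Review bot: With the `empty($cost)` fallback gone, both new `return` lines pass `$password_hash_cost` to the password API unchecked, so an upgraded install whose config lacks the value fails at hashing time rather than at startup. An unset global reaches `password_hash()` as a null cost, which bcrypt rejects (a warning and no hash on PHP 7, a `ValueError` on PHP 8); what callers do with a non-string result is not visible here and should be confirmed so that an empty hash is never stored. In `flux_password_needs_rehash()` the same missing value would presumably make every stored hash look outdated, triggering a rehash attempt on each login. Until the update-script check mentioned in the description exists, I would guard the value once, e.g. `if ((int) $password_hash_cost < 4 || (int) $password_hash_cost > 31)` followed by a clear configuration error, ideally where the config is loaded. Both function signatures sit in the hunk headers, outside the visible lines.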
