Merge branch 'master' into v1.0
Conflicts:
	composer.json
ircmaxell committed Nov 20, 2014
2 parents 1fc1521 + 4bedaa1 commit 5c5cde8
Showing 9 changed files with 363 additions and 232 deletions.
8 changes: 8 additions & 0 deletions .gitattributes
@@ -0,0 +1,8 @@
* text=auto

/test export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
/.travis.yml export-ignore
/phpunit.xml.dist export-ignore
/README.md export-ignore
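Review bot: `/test export-ignore` means dist archives (what `composer install --prefer-dist` fetches) ship without the test suite, so downstream users can only run it from a source checkout; that is the normal choice for a library, and the file that matters for users, `version-test.php`, which the README tells people to run before trusting the library, is not in this list and still ships, which is correct. `* text=auto` will normalize line endings in `lib/password.php` on checkout, which is harmless here since nothing in the library depends on CRLF.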
3 changes: 3 additions & 0 deletions .gitignore
@@ -0,0 +1,3 @@
composer.lock
phpunit.xml
vendor
17 changes: 14 additions & 3 deletions .travis.yml
@@ -1,8 +1,19 @@
language: php

php:
- 5.5
- 5.4
- 5.3
- 5.4
- 5.5
- 5.6
- hhvm

install:
- travis_retry composer install --no-interaction --prefer-source

script:
- vendor/bin/phpunit

script: phpunit --configuration phpunit.xml.dist
matrix:
allow_failures:
- php: hhvm
fast_finish: true
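Review bot: PHP 5.3 is dropped from the matrix (the `- 5.3` line is removed) while README.md in this same commit still states `PHP >= 5.3.7` as the supported floor, so the minimum version the library claims to support is no longer exercised by CI; either keep a 5.3 job or document that 5.3 is now untested. `allow_failures: - php: hhvm` makes the hhvm job advisory only, which is reasonable for a bcrypt compatibility layer but should be understood as such. Dropping `--configuration phpunit.xml.dist` from the script line is fine because PHPUnit picks up `phpunit.xml.dist` from the working directory on its own; `--prefer-source` on install only slows the build for a dev dependency set this small, `--prefer-dist` would do.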
27 changes: 14 additions & 13 deletions README.md
Expand Up @@ -3,21 +3,21 @@ password_compat

[![Build Status](https://travis-ci.org/ircmaxell/password_compat.png?branch=master)](https://travis-ci.org/ircmaxell/password_compat)

This library is intended to provide forward compatibility with the password_* functions being worked on for PHP 5.5.
This library is intended to provide forward compatibility with the [password_*](http://php.net/password) functions being worked on for PHP 5.5.

See [the RFC](https://wiki.php.net/rfc/password_hash) for more detailed information.


Requirements
============

This library requires `PHP >= 5.3.7` OR a version that has the `$2y` fix backported into it (such as Debian provides).
This library requires `PHP >= 5.3.7` OR a version that has the `$2y` fix backported into it (such as RedHat provides). Note that Debian's 5.3.3 version is **NOT** supported.

The runtime checks have been removed due to this version issue. To see if password_compat is available for your system, run the included `version-test.php`. If it outputs "Pass", you can safely use the library. If not, you cannot.

If you attempt to use password-compat on an unsupported version, attempts to create or verify hashes will return `false`. You have been warned!

The reason for this is that PHP prior to 5.3.7 contains a security issue with its BCRYPT implementation. Therefore, it's highly recommended that you upgrade to a newer version of PHP prior to using this layer.
The reason for this is that PHP prior to 5.3.7 contains a [security issue with its BCRYPT implementation](http://php.net/security/crypt_blowfish.php). Therefore, it's highly recommended that you upgrade to a newer version of PHP prior to using this layer.

Installation
============
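Review bot: the requirements paragraph now correctly states that Debian's 5.3.3 build is unsupported and links the crypt_blowfish advisory instead of vaguely mentioning "a security issue", which is the important fix in this hunk. Two follow-ups: the intro still says the `password_*` functions are "being worked on for PHP 5.5", but PHP 5.5 had already shipped them by this commit's date, so "added in PHP 5.5" is accurate; and the warning that create/verify "will return `false`" on an unsupported PHP deserves one more sentence, because a `false` from `password_verify` looks exactly like a wrong password to the caller, so an unsupported deployment fails silently with every login rejected rather than with an error. Suggest telling readers to run `version-test.php` as part of deployment or CI, not just once by hand.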
Expand All @@ -32,44 +32,45 @@ Usage
**Creating Password Hashes**

To create a password hash from a password, simply use the `password_hash` function.

````PHP
$hash = password_hash($password, PASSWORD_BCRYPT);

````
Note that the algorithm that we chose is `PASSWORD_BCRYPT`. That's the current strongest algorithm supported. This is the `BCRYPT` crypt algorithm. It produces a 60 character hash as the result.

`BCRYPT` also allows for you to define a `cost` parameter in the options array. This allows for you to change the CPU cost of the algorithm:

$hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 10]);

````PHP
$hash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 10));
````
That's the same as the default. The cost can range from `4` to `31`. I would suggest that you use the highest cost that you can, while keeping response time reasonable (I target between 0.1 and 0.5 seconds for a hash, depending on use-case).

Another algorithm name is supported:

````PHP
PASSWORD_DEFAULT

````
This will use the strongest algorithm available to PHP at the current time. Presently, this is the same as specifying `PASSWORD_BCRYPT`. But in future versions of PHP, it may be updated to use a stronger algorithm if one is introduced. It can also be changed if a problem is identified with the BCRYPT algorithm. Note that if you use this option, you are **strongly** encouraged to store it in a `VARCHAR(255)` column to avoid truncation issues if a future algorithm increases the length of the generated hash.

It is very important that you should check the return value of `password_hash` prior to storing it, because a `false` may be returned if it encountered an error.

**Verifying Password Hashes**

To verify a hash created by `password_hash`, simply call:

````PHP
if (password_verify($password, $hash)) {
/* Valid */
} else {
/* Invalid */
}

````
That's all there is to it.

**Rehashing Passwords**

From time to time you may update your hashing parameters (algorithm, cost, etc). So a function to determine if rehashing is necessary is available:

````PHP
if (password_verify($password, $hash)) {
if (password_needs_rehash($hash, $algorithm, $options)) {
$hash = password_hash($password, $algorithm, $options);
/* Store new hash in db */
}
}
````
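Review bot: the rehash example at the end assigns `$hash = password_hash($password, $algorithm, $options);` and stores it without checking for `false`, which contradicts the warning a few lines earlier that the return value of `password_hash` must be checked before storing; suggest storing only when the result is not `false`, e.g. `$newHash = password_hash(...); if ($newHash !== false) { /* store */ }`, since storing a `false` (cast to an empty string) would lock the user out on the next login. The example also uses undeclared `$algorithm` and `$options`; using `PASSWORD_DEFAULT` and `array("cost" => 10)` would make it copy-pasteable and consistent with the earlier snippets. Replacing `["cost" => 10]` with `array("cost" => 10)` is the right fix, since short array syntax needs PHP 5.4 and the README's floor is 5.3.7.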
36 changes: 19 additions & 17 deletions composer.json
@@ -1,18 +1,20 @@
{
"name": "ircmaxell/password-compat",
"description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash",
"version": "1.0.3",
"keywords": ["password", "hashing"],
"homepage": "https://github.com/ircmaxell/password_compat",
"license": "MIT",
"authors": [
{
"name": "Anthony Ferrara",
"email": "ircmaxell@php.net",
"homepage": "http://blog.ircmaxell.com"
}
],
"autoload": {
"files": ["lib/password.php"]
}
}
"name": "ircmaxell/password-compat",
"description": "A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password_hash",
"keywords": ["password", "hashing"],
"homepage": "https://github.com/ircmaxell/password_compat",
"license": "MIT",
"authors": [
{
"name": "Anthony Ferrara",
"email": "ircmaxell@php.net",
"homepage": "http://blog.ircmaxell.com"
}
],
"require-dev": {
"phpunit/phpunit": "4.*"
},
"autoload": {
"files": ["lib/password.php"]
}
}

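Review bot: dropping the hard-coded `"version": "1.0.3"` is the right way to resolve the conflict noted in the commit message, since Packagist derives versions from git tags and a stale field here would mislabel releases; worth confirming the v1.0 branch gets tagged accordingly. `"phpunit/phpunit": "4.*"` under `require-dev` is appropriate for a 5.3+ floor. The `description` still calls this "the proposed simplified password hashing algorithm" even though the linked RFC was accepted and the API shipped in PHP 5.5; "the password_* API added in PHP 5.5" would be more accurate.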