mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-05 15:47:25 +02:00

Do not validate password earlier than necessary

Marco
2017-02-16 08:18:48 +01:00
parent c6213a6081
commit 188086f2e4


@@ -771,7 +771,6 @@ class Auth {
*/ */
private function authenticateUserInternal($password, $email, $rememberDuration = null) { private function authenticateUserInternal($password, $email, $rememberDuration = null) {
$email = self::validateEmailAddress($email); $email = self::validateEmailAddress($email);
$password = self::validatePassword($password);
try { try {
$userData = $this->db->selectRow( $userData = $this->db->selectRow(
@@ -784,6 +783,8 @@ class Auth {
} }
if (!empty($userData)) { if (!empty($userData)) {
$password = self::validatePassword($password);
if (password_verify($password, $userData['password'])) { if (password_verify($password, $userData['password'])) {
// if the password needs to be re-hashed to keep up with improving password cracking techniques // if the password needs to be re-hashed to keep up with improving password cracking techniques
if (password_needs_rehash($userData['password'], PASSWORD_DEFAULT)) { if (password_needs_rehash($userData['password'], PASSWORD_DEFAULT)) {
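Review bot: The `validatePassword()` call that now sits inside `if (!empty($userData))` runs only when a row was found for the e-mail address, so any failure it raises can occur only for an existing account. The helper's body is not shown here, but if it rejects input by throwing, a caller that reports that failure differently from the no-such-user path tells the client whether the address is registered. Callers should map both outcomes to a single generic login error. A comment on the moved line would record this, for example `// validated only after the lookup: a failure here implies the account exists, so report it like a wrong password`. The body of authenticateUserInternal continues past the last hunk, so the not-found branch could not be checked from this page.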