mirror/php-ifm
1
0
Fork 0
mirror of https://github.com/misterunknown/ifm.git synced 2025-08-12 19:13:57 +02:00
Code Issues Releases Wiki Activity

mitigate timing attacks

Browse Source
This commit is contained in:
Dmytro Novash
2024-09-16 17:05:10 +03:00
parent 12dc406736
commit 142a397e9d
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/htpasswd.php
View File

@@ -52,9 +52,9 @@ class Htpasswd {
$apr1 = new APR1_MD5(); $apr1 = new APR1_MD5();
return $apr1->check($pass, $hash); return $apr1->check($pass, $hash);
} elseif (substr($hash, 0, 5) == '{SHA}') { } elseif (substr($hash, 0, 5) == '{SHA}') {
return base64_encode(sha1($pass, true)) == substr($hash, 5); return hash_equals(substr($hash, 5), base64_encode(sha1($pass, true)));
} else { // assume CRYPT } else { // assume CRYPT
return crypt($pass, $hash) == $hash; return hash_equals($hash, crypt($pass, $hash));
} }
} }
} }
@@ -133,6 +133,6 @@ class APR1_MD5 {
public static function check($plain, $hash) { public static function check($plain, $hash) {
$parts = explode('$', $hash); $parts = explode('$', $hash);
return self::hash($plain, $parts[2]) === $hash; return hash_equals($hash, self::hash($plain, $parts[2]));
} }
} }