* Keep the user on login page on failure * Show an error if username already exists * Check the password format in the backend * Return a better message if username is invalid * Add a title to the login page * wip: Improve look of login and register pages * Set a capital M in username help message On the registration page, username tip started with a minuscule, while the password tip started with a capital. * Change message if username is taken
<?php
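/**
 * Password helpers: bcrypt hashing and a minimum-length check.
 */
class FreshRSS_password_Util {
	// Will also have to be computed client side on mobile devices,
	// so do not use a too high cost.
	// NOTE(review): 9 is below the default cost password_hash() applies on its
	// own, so stored hashes are cheaper to brute-force offline than PHP's
	// default would give. Re-evaluate whenever the client-side constraint is
	// relaxed; password_needs_rehash() can then upgrade hashes at login.
	const BCRYPT_COST = 9;

	/**
	 * Return a hash of a plain password, using BCRYPT.
	 *
	 * The "$2x$" / "$2y$" prefix is rewritten to "$2a$" so that the hash
	 * can be consumed by bcrypt.js.
	 *
	 * Caveat: bcrypt only uses the first 72 bytes of the password; anything
	 * beyond that does not influence the hash.
	 *
	 * @param string $passwordPlain the clear-text password
	 * @return string the bcrypt hash, or an empty string if hashing failed.
	 *                Callers must treat '' as a failure and never store it.
	 */
	public static function hash($passwordPlain) {
		$passwordHash = password_hash(
			$passwordPlain,
			PASSWORD_BCRYPT,
			array('cost' => self::BCRYPT_COST)
		);
		// Only clears this local copy of the argument; the caller's variable
		// still holds the clear text.
		$passwordPlain = '';

		// Older PHP versions signal failure with false/null instead of throwing.
		if (!is_string($passwordHash) || $passwordHash === '') {
			return '';
		}

		// Compatibility with bcrypt.js
		$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);

		// preg_replace() returns null on a PCRE error.
		return is_string($passwordHash) ? $passwordHash : '';
	}

	/**
	 * Verify the given password is valid.
	 *
	 * A valid password is a string of at least 7 bytes: the length is
	 * measured with strlen(), so a multi-byte character counts once per byte.
	 * Non-string input (for example an array taken from request data) is
	 * rejected instead of being handed to strlen().
	 *
	 * NOTE(review): there is no upper bound here, while bcrypt ignores
	 * everything after the first 72 bytes of the password.
	 *
	 * @param string $password
	 *
	 * @return boolean True if the password is valid, false otherwise
	 */
	public static function check($password) {
		return is_string($password) && strlen($password) >= 7;
	}
}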