Skip to content

Commit

Permalink
[5.7] Remove depending on Hash::check() just for password verification.
Browse files Browse the repository at this point in the history 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
  • Loading branch information
@crynobone
crynobone committed Sep 18, 2018
1 parent 21ddb31 commit 09d24b6
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
10 changes: 8 additions & 2 deletions src/Illuminate/Auth/DatabaseUserProvider.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,8 +152,14 @@ protected function getGenericUser($user)
*/
public function validateCredentials(UserContract $user, array $credentials)
{
return $this->hasher->check(
$credentials['password'], $user->getAuthPassword()
$hashed = $user->getAuthPassword();

if (strlen($hashed) === 0) {
return false;
}

return password_verify(
$credentials['password'], $hashed
);
}
}
7 changes: 6 additions & 1 deletion src/Illuminate/Auth/EloquentUserProvider.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,8 +138,13 @@ public function retrieveByCredentials(array $credentials)
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
$hashed = $user->getAuthPassword();

return $this->hasher->check($plain, $user->getAuthPassword());
if (strlen($hashed) === 0) {
return false;
}

return password_verify($plain, $hashed);
}

/**
Expand Down

0 comments on commit 09d24b6

Please sign in to comment.