Fix see password_hash error warning in PHP 7 #8399

9 years ago · 0ec01dbd5a
parent 32733c9e3f
commit 0ec01dbd5a
3 changed files with 27 additions and 39 deletions
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -102,21 +102,8 @@ class UserManager
    private static function getEncoderFactory()
    {
        $encryption = self::getPasswordEncryption();
-        switch ($encryption) {
-            case 'none':
-                $defaultEncoder = new PlaintextPasswordEncoder();
-                break;
-            case 'sha1':
-            case 'md5':
-                $defaultEncoder = new MessageDigestPasswordEncoder($encryption, false, 1);
-                break;
-            case 'bcrypt':
-                $defaultEncoder = new BCryptPasswordEncoder(4);
-                break;
-        }
-
        $encoders = array(
-            'Chamilo\\UserBundle\\Entity\\User' => $defaultEncoder
+            'Chamilo\\UserBundle\\Entity\\User' => new \Chamilo\UserBundle\Security\Encoder($encryption)
        );

        $encoderFactory = new EncoderFactory($encoders);
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -334,19 +334,11 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
            if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
                $uData['auth_source'] == CAS_AUTH_SOURCE
            ) {
-                $validPassword = false;
-                //$user = $userManager->findUserByUsername($login);
-
-
-                    $validPassword = UserManager::isPasswordValid(
-                        $uData['password'],
-                        $password,
-                        $uData['salt']
-                    );
-
-
-                // The authentication of this user is managed by Chamilo itself
-                //$password = api_get_encrypted_password(trim(stripslashes($password)));
+                $validPassword = UserManager::isPasswordValid(
+                    $uData['password'],
+                    $password,
+                    $uData['salt']
+                );

                // Check the user's password
                if (($validPassword || $cas_login) &&
--- a/src/Chamilo/UserBundle/Security/Encoder.php
+++ b/src/Chamilo/UserBundle/Security/Encoder.php
@ -16,6 +16,7 @@ use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
 class Encoder implements PasswordEncoderInterface
 {
    protected $method;
+    protected $defaultEncoder;

    /**
     * @param $method
@ -23,16 +24,6 @@ class Encoder implements PasswordEncoderInterface
    public function __construct($method)
    {
        $this->method = $method;
-    }
-
-    /**
-     * @param string $raw
-     * @param string $salt
-     * @return string
-     */
-    public function encodePassword($raw, $salt)
-    {
-
        switch ($this->method) {
            case 'none':
                $defaultEncoder = new PlaintextPasswordEncoder();
@ -45,8 +36,22 @@ class Encoder implements PasswordEncoderInterface
                $defaultEncoder = new MessageDigestPasswordEncoder($this->method, false, 1);
                break;
        }
+        $this->defaultEncoder = $defaultEncoder;
+    }
+
+    /**
+     * @param string $raw
+     * @param string $salt
+     *
+     * @return string
+     */
+    public function encodePassword($raw, $salt)
+    {
+        if ($this->method === 'bcrypt') {
+            $salt = null;
+        }

-        return $defaultEncoder->encodePassword($raw, $salt);
+        return $this->defaultEncoder->encodePassword($raw, $salt);
    }

    /**
@ -57,6 +62,10 @@ class Encoder implements PasswordEncoderInterface
     */
    public function isPasswordValid($encoded, $raw, $salt)
    {
-        return $encoded === $this->encodePassword($raw, $salt);
+        if ($this->method === 'bcrypt') {
+            $salt = null;
+        }
+
+        return $this->defaultEncoder->isPasswordValid($encoded, $raw, $salt);
    }
 }