PHP :: Bug #77225 :: Object class does not function

Bug #77225	Object class does not function
Submitted:	2018-11-30 14:31 UTC	Modified:	2018-12-09 04:22 UTC
From:	magnus at feitocubo dot com dot br	Assigned:	cmb (profile)
Status:	No Feedback	Package:	hash related
PHP Version:	7.2.12	OS:	LINUX/UNIX
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	magnus at feitocubo dot com dot br
New email:
PHP Version:		OS:

New Comment:

[2018-11-30 14:31 UTC] magnus at feitocubo dot com dot br

Description:
------------
PASSWORD_HASH does not function into object class.

When we declare one kind of class and these object works with a function that return a string HASHed using, inside this function, the PASSWORD_HASH function, become a wrong functionality when we check hash string with PASSWORD_VERIFY function.
So, using PASSWORD_VERIFY to validate a HASH string, using a object class, returns always FALSE. Only using PASSWORD_HASH directly in the line to generate a HASH works ok, in the objetct class doesn't work.
some type of microtime in the object's instantiation of memory is affecting the HASH generation with the PASSWORD_HASH function inside the LINUX / UNIX OS. This proceeds?


class HashController{
		/**
		* Definição de variáveis privadas - uso interno na classe
		*
		*/
		private $AlgoType = PASSWORD_DEFAULT;
		private $CostOfProcess = ['cost'=>10];
		private $InputString = null;
		private $TargetTimeToGo = 0.1;

		/**
		* fncGetHashString - Gera chave HASH
		*
		* @since 0.1
		* @access public
		* @return string - Criptografia de string do sistema
		*/		
		public function fncGetHashString ($InputString) : String {
			if (empty($InputString)){
				return null;
			} else{ 
				return password_hash($this->InputString, (int)$this->AlgoType, $this->CostOfProcess);
			}
		}
		
		/**
		* fncSetCostOfProcess - Configura a variável privada VCost -  custo de processamento da chave HASH
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetCostOfProcess ($Cost) {
			if ((isset($Cost)) && ($Cost > 0)){
				$this->CostOfProcess = ['cost'=>(int)$Cost];
			}			
		}

		/**
		* fncSetAlgoType - Configura a variável privada AlgoType -  tipo algoritmo para hash
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetAlgoType ($inAlgoType) {
			if (isset($inAlgoType)) {
				$this->AlgoType = $inAlgoType;
			}			
		}
		
		/**
		* fncBestCostProcess - Gera valor de melhor custo de processamento
		* da chave HASH
		*
		* @since 0.1
		* @access public
		* @return int - Valor do melhor custo encontrado
		*/		
		public function fncBestCostProcess ($InputUserPassword, $inTargetTimeToGo) : int {
			$VCost = 8;
						
			if ((!isset($inTargetTimeToGo)) || (is_null($inTargetTimeToGo))) {
				$inTargetTimeToGo 	= $this->TargetTimeToGo;
			}
			
			do{
				$VCost++;
				$StartTime			= microtime(true);
				password_hash($InputUserPassword, (int)$this->AlgoType, ['cost' => $VCost]);
				$EndTime			= microtime(true);
			} while (($EndTime - $StartTime) < $inTargetTimeToGo);
						
			return $VCost;			
		}
}

Test script:
---------------
class HashController{
		/**
		* Definição de variáveis privadas - uso interno na classe
		*
		*/
		private $AlgoType = PASSWORD_DEFAULT;
		private $CostOfProcess = ['cost'=>10];
		private $InputString = null;
		private $TargetTimeToGo = 0.1;

		/**
		* fncGetHashString - Gera chave HASH
		*
		* @since 0.1
		* @access public
		* @return string - Criptografia de string do sistema
		*/		
		public function fncGetHashString ($InputString) : String {
			if (empty($InputString)){
				return null;
			} else{ 
				return password_hash($this->InputString, (int)$this->AlgoType, $this->CostOfProcess);
			}
		}
		
		/**
		* fncSetCostOfProcess - Configura a variável privada VCost -  custo de processamento da chave HASH
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetCostOfProcess ($Cost) {
			if ((isset($Cost)) && ($Cost > 0)){
				$this->CostOfProcess = ['cost'=>(int)$Cost];
			}			
		}

		/**
		* fncSetAlgoType - Configura a variável privada AlgoType -  tipo algoritmo para hash
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetAlgoType ($inAlgoType) {
			if (isset($inAlgoType)) {
				$this->AlgoType = $inAlgoType;
			}			
		}
		
		/**
		* fncBestCostProcess - Gera valor de melhor custo de processamento
		* da chave HASH
		*
		* @since 0.1
		* @access public
		* @return int - Valor do melhor custo encontrado
		*/		
		public function fncBestCostProcess ($InputUserPassword, $inTargetTimeToGo) : int {
			$VCost = 8;
						
			if ((!isset($inTargetTimeToGo)) || (is_null($inTargetTimeToGo))) {
				$inTargetTimeToGo 	= $this->TargetTimeToGo;
			}
			
			do{
				$VCost++;
				$StartTime			= microtime(true);
				password_hash($InputUserPassword, (int)$this->AlgoType, ['cost' => $VCost]);
				$EndTime			= microtime(true);
			} while (($EndTime - $StartTime) < $inTargetTimeToGo);
						
			return $VCost;			
		}
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-11-30 15:42 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2018-11-30 15:42 UTC] cmb@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2018-12-09 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 12:01:32 2025 UTC