php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77225 Object class does not function
Submitted: 2018-11-30 14:31 UTC Modified: 2018-12-09 04:22 UTC
From: magnus at feitocubo dot com dot br Assigned: cmb (profile)
Status: No Feedback Package: hash related
PHP Version: 7.2.12 OS: LINUX/UNIX
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: magnus at feitocubo dot com dot br
New email:
PHP Version: OS:

 

 [2018-11-30 14:31 UTC] magnus at feitocubo dot com dot br
Description:
------------
PASSWORD_HASH does not function into object class.

When we declare one kind of class and these object works with a function that return a string HASHed using, inside this function, the PASSWORD_HASH function, become a wrong functionality when we check hash string with PASSWORD_VERIFY function.
So, using PASSWORD_VERIFY to validate a HASH string, using a object class, returns always FALSE. Only using PASSWORD_HASH directly in the line to generate a HASH works ok, in the objetct class doesn't work.
some type of microtime in the object's instantiation of memory is affecting the HASH generation with the PASSWORD_HASH function inside the LINUX / UNIX OS. This proceeds?


class HashController{
		/**
		* Definição de variáveis privadas - uso interno na classe
		*
		*/
		private $AlgoType = PASSWORD_DEFAULT;
		private $CostOfProcess = ['cost'=>10];
		private $InputString = null;
		private $TargetTimeToGo = 0.1;

		/**
		* fncGetHashString - Gera chave HASH
		*
		* @since 0.1
		* @access public
		* @return string - Criptografia de string do sistema
		*/		
		public function fncGetHashString ($InputString) : String {
			if (empty($InputString)){
				return null;
			} else{ 
				return password_hash($this->InputString, (int)$this->AlgoType, $this->CostOfProcess);
			}
		}
		
		/**
		* fncSetCostOfProcess - Configura a variável privada VCost -  custo de processamento da chave HASH
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetCostOfProcess ($Cost) {
			if ((isset($Cost)) && ($Cost > 0)){
				$this->CostOfProcess = ['cost'=>(int)$Cost];
			}			
		}

		/**
		* fncSetAlgoType - Configura a variável privada AlgoType -  tipo algoritmo para hash
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetAlgoType ($inAlgoType) {
			if (isset($inAlgoType)) {
				$this->AlgoType = $inAlgoType;
			}			
		}
		
		/**
		* fncBestCostProcess - Gera valor de melhor custo de processamento
		* da chave HASH
		*
		* @since 0.1
		* @access public
		* @return int - Valor do melhor custo encontrado
		*/		
		public function fncBestCostProcess ($InputUserPassword, $inTargetTimeToGo) : int {
			$VCost = 8;
						
			if ((!isset($inTargetTimeToGo)) || (is_null($inTargetTimeToGo))) {
				$inTargetTimeToGo 	= $this->TargetTimeToGo;
			}
			
			do{
				$VCost++;
				$StartTime			= microtime(true);
				password_hash($InputUserPassword, (int)$this->AlgoType, ['cost' => $VCost]);
				$EndTime			= microtime(true);
			} while (($EndTime - $StartTime) < $inTargetTimeToGo);
						
			return $VCost;			
		}
}

Test script:
---------------
class HashController{
		/**
		* Definição de variáveis privadas - uso interno na classe
		*
		*/
		private $AlgoType = PASSWORD_DEFAULT;
		private $CostOfProcess = ['cost'=>10];
		private $InputString = null;
		private $TargetTimeToGo = 0.1;

		/**
		* fncGetHashString - Gera chave HASH
		*
		* @since 0.1
		* @access public
		* @return string - Criptografia de string do sistema
		*/		
		public function fncGetHashString ($InputString) : String {
			if (empty($InputString)){
				return null;
			} else{ 
				return password_hash($this->InputString, (int)$this->AlgoType, $this->CostOfProcess);
			}
		}
		
		/**
		* fncSetCostOfProcess - Configura a variável privada VCost -  custo de processamento da chave HASH
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetCostOfProcess ($Cost) {
			if ((isset($Cost)) && ($Cost > 0)){
				$this->CostOfProcess = ['cost'=>(int)$Cost];
			}			
		}

		/**
		* fncSetAlgoType - Configura a variável privada AlgoType -  tipo algoritmo para hash
		*
		* @since 0.1
		* @access public
		* @
		*/		
		public function fncSetAlgoType ($inAlgoType) {
			if (isset($inAlgoType)) {
				$this->AlgoType = $inAlgoType;
			}			
		}
		
		/**
		* fncBestCostProcess - Gera valor de melhor custo de processamento
		* da chave HASH
		*
		* @since 0.1
		* @access public
		* @return int - Valor do melhor custo encontrado
		*/		
		public function fncBestCostProcess ($InputUserPassword, $inTargetTimeToGo) : int {
			$VCost = 8;
						
			if ((!isset($inTargetTimeToGo)) || (is_null($inTargetTimeToGo))) {
				$inTargetTimeToGo 	= $this->TargetTimeToGo;
			}
			
			do{
				$VCost++;
				$StartTime			= microtime(true);
				password_hash($InputUserPassword, (int)$this->AlgoType, ['cost' => $VCost]);
				$EndTime			= microtime(true);
			} while (($EndTime - $StartTime) < $inTargetTimeToGo);
						
			return $VCost;			
		}
}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-11-30 15:42 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2018-11-30 15:42 UTC] cmb@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with ,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.
 [2018-12-09 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 02:01:28 2024 UTC