ponepaste/includes/passwords.php

<?php
require_once(__DIR__ . '/config.php');

function pp_password_hash(string $password) : string {
    return 'P' . password_hash($password . PP_PASSWORD_PEPPER, PASSWORD_BCRYPT);
}

function pp_password_verify(string $password, string $hash, bool &$needs_rehash = null) : bool {
    /* New, peppered hash. */
    if ($hash[0] === 'P') {
        if ($needs_rehash !== null) {
            $needs_rehash = false;
        }

        return password_verify($password . PP_PASSWORD_PEPPER, substr($hash, 1));
    }

    /* Old, unpeppered hash. */
    if ($needs_rehash !== null) {
        $needs_rehash = true;
    }

    return password_verify($password, $hash);
}
Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`<?php`
			`require_once(__DIR__ . '/config.php');`

			`function pp_password_hash(string $password) : string {`
Implement password peppering. 2021-07-17 12:33:08 -04:00			`return 'P' . password_hash($password . PP_PASSWORD_PEPPER, PASSWORD_BCRYPT);`
Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`}`

Implement password peppering. 2021-07-17 12:33:08 -04:00			`function pp_password_verify(string $password, string $hash, bool &$needs_rehash = null) : bool {`
Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`/* New, peppered hash. */`
			`if ($hash[0] === 'P') {`
Implement password peppering. 2021-07-17 12:33:08 -04:00			`if ($needs_rehash !== null) {`
			`$needs_rehash = false;`
			`}`

Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00			`return password_verify($password . PP_PASSWORD_PEPPER, substr($hash, 1));`
			`}`

			`/* Old, unpeppered hash. */`
Implement password peppering. 2021-07-17 12:33:08 -04:00			`if ($needs_rehash !== null) {`
			`$needs_rehash = true;`
			`}`
Move some stuff around, remove oauth stuff 2021-07-17 12:26:33 -04:00
			`return password_verify($password, $hash);`
			`}`