Changes between Initial Version and Version 1 of Ticket #21022, comment 79

Timestamp:
09/27/2016 04:12:01 PM (5 years ago)
Author:
tomdxw

  • Ticket #21022, comment 79

    initial v1  
    11I looked over the past year of comments on this ticket and made a TODO list:
    22
    3 1. if PHP version >= 5.5.0, use the PHP function password_hash() (for lower versions of PHP, keep using PasswordHash class from phpass)
    4 2. if PHP version >= 5.3.7, set the $portable_hashes parameter to false (for lower versions of PHP, leave $portable_hashes set to true)
     31. add password_hash()/password_verify() functions from this library: https://github.com/ircmaxell/password_compat/
     42. if PHP version >= 5.3.7, use the PHP password_hash()/password_verify() functions (for lower versions of PHP, keep using PasswordHash class from phpass)
    553. when a user logs in, if the site is using bcrypt and their password is hashed using portable hashes, update their hash to a bcrypt hash
    664. when a user logs in, if the site is *not* using bcrypt and their password is hashed using bcrypt (i.e. when PHP is downgraded), automatically send a password reset and show a message saying "Sorry, something has gone wrong and you must reset your password. A link has been sent to the email address you registered with. <a href="https://codex.wordpress.org/Foobar">More information</a>."
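Review bot: the "More information" link in step 4 of v1 points at https://codex.wordpress.org/Foobar, which is a placeholder, so that message cannot ship until it is replaced with the real Codex page that explains the forced reset. Two smaller points on the same list: step 2 of v1 says "use the PHP password_hash()/password_verify() functions" on PHP >= 5.3.7, but the initial version noted that the native functions only exist from 5.5.0, so step 2 should say explicitly that on 5.3.7 up to 5.5.0 the functions come from the password_compat library added in step 1, and that the native ones are used from 5.5.0; and the message text in step 4 ("Sorry, something has gone wrong") tells the user nothing about why their password was invalidated, whereas a sentence noting that the site's PHP configuration changed would make the automatic reset email look less like an account compromise.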