Test for PHP 5.5 and require password_compatibility_library.php (devel)

[markc]

Let's try this one again in the devel branch for the 1-minimal and 2-advanced folders. I haven't even looked at the 4-full-mvc-framework sub-project yet. My editor strips trailing spaces, I hope that is okay.

[nyamsprod]

by reading the code in password_compatibility_library.php, the first check is to see if the constant PASSWORD_DEFAULT exists. so yes the require will be done but the library won't be read by PHP5.5+. I would suggest replicating this first check instead of using version compare. since some PHP version on RedHat which are using PHP version older than 5.3.7 could use the library. (https://github.com/ircmaxell/password_compat#requirements)

[panique]

@nyamsprod @markc What nyamsprod said is really interesting, as pulling this merge request would make the script unuseable for users with those special versions of php. Hmm... ircmaxwell, the creator of the php password_compat lib offers this little version checking thing here: https://github.com/ircmaxell/password_compat/blob/master/version-test.php

I think we should get completely rid of checking for the php version and relying on this test instead. What do you guys thing ?

[nyamsprod]

Following your remarks then you should add a requirement checker like this one below

function PhpLoginCanRun()
{
    if (defined('PASSWORD_DEFAULT')) {
        return true;
    }

    if (! function_exists('crypt')) {
        trigger_error(
            "Sorry, Simple PHP Login can not run on a PHP version without the crypt function !",
            E_USER_WARNING
        );
        return false;
    }
    $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
    $test = crypt("password", $hash);
    if (! ($test == $hash)) {
        trigger_error(
            "This PHP Version is using a broken crypt function, consider upgrading to the latest stable PHP version",
            E_USER_WARNING
        );
        return false;
    }
    return true;
}

if (! PhpLoginCanRun()) {
    die('PHP Login can not run with this PHP version. Please consider upgrading to the latest stable PHP version');
}

[markc]

My only concern is that if I am running PHP 5.5+ then I do not want to require the compat lib at all.

[nyamsprod]

Then I would suggest adding a comment before including the compatibility library explaining to the developer to comment the line if he is using PHP5.5+. Power users like you or me may in fact remove the line while the majority of user won't touch it. This has the benefit to satisfy everyone without affecting the script overall performance.

[panique]

Big Big THANKS again, I just released this into the develop branch (with only very very small changes)