After upgrading to php7, BCryptPasswordEncoder throws the following error, for example. when registering using the standard FOSUserBundle registration page:
"Using the salt option for password_hash is deprecated in C: \ xampp \ htdocs \ ascentary \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Security \ Core \ Encoder \ BCryptPasswordEncoder.php line 81 msgstr"
I traced this problem, and the problem is the FOS UserManager class, which calls:
public function updatePassword(UserInterface $user) { if (0 !== strlen($password = $user->getPlainPassword())) { $encoder = $this->getEncoder($user); $user->setPassword($encoder->encodePassword($password, $user->getSalt())); $user->eraseCredentials(); } }
Passing here $ user-> getSalt () throws an error because on php7 you are no longer allowed to pass a custom salt for the bcrypt encoding / password_hash function. In addition, I see a problem in the user base fos object, because in its constructor the salt is set like this:
$this->salt = base_convert(sha1(uniqid(mt_rand(), true)), 16, 36);
Questions:
(1) How to solve the error I wrote above? Maybe override UserManager or is there a solution provided by fos?
(2) How to protect salt that is automatically generated?
(3) Are any other updates required, such as the ircmaxell lib update?
source share