diff --git a/application/config/constants.php b/application/config/constants.php index 2888faa0..d75b062a 100644 --- a/application/config/constants.php +++ b/application/config/constants.php @@ -79,6 +79,7 @@ define('TIME_FORMAT_REGULAR', 'regular'); define('TIME_FORMAT_MILITARY', 'military'); define('MIN_PASSWORD_LENGTH', 7); +define('MAX_PASSWORD_LENGTH', 100); define('ANY_PROVIDER', 'any-provider'); define('CALENDAR_VIEW_DEFAULT', 'default'); diff --git a/application/helpers/password_helper.php b/application/helpers/password_helper.php index 19613eb4..4c86809e 100644 --- a/application/helpers/password_helper.php +++ b/application/helpers/password_helper.php @@ -22,9 +22,16 @@ * @param string $password Given string password. * * @return string Returns the hash string of the given password. + * + * @throws Exception */ function hash_password(string $salt, string $password): string { + if (strlen($password) > MAX_PASSWORD_LENGTH) + { + throw new Exception('The provided password is too long, please use a shorter value.'); + } + $half = (int)(strlen($salt) / 2); $hash = hash('sha256', substr($salt, 0, $half) . $password . substr($salt, $half));