Add max password length constant

alextselegidis · May 9, 2022 · e3d3673 · e3d3673
1 parent 63dbb51
commit e3d3673
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/application/config/constants.php b/application/config/constants.php
@@ -79,6 +79,7 @@
 define('TIME_FORMAT_MILITARY', 'military');
 
 define('MIN_PASSWORD_LENGTH', 7);
+define('MAX_PASSWORD_LENGTH', 100);
 define('ANY_PROVIDER', 'any-provider');
 
 define('CALENDAR_VIEW_DEFAULT', 'default');

diff --git a/application/helpers/password_helper.php b/application/helpers/password_helper.php
@@ -22,9 +22,16 @@
  * @param string $password Given string password.
  *
  * @return string Returns the hash string of the given password.
+ *
+ * @throws Exception
  */
 function hash_password(string $salt, string $password): string
 {
+    if (strlen($password) > MAX_PASSWORD_LENGTH)
+    {
+        throw new Exception('The provided password is too long, please use a shorter value.');
+    }
+
     $half = (int)(strlen($salt) / 2);
 
     $hash = hash('sha256', substr($salt, 0, $half) . $password . substr($salt, $half));