From 72b984568c7a16f5744b653703f28f5f8d7fa4f5 Mon Sep 17 00:00:00 2001
From: Bruce Weirdan
Date: Sun, 20 Dec 2015 19:30:06 +0200
Subject: [PATCH 1/3] ignore phpenv config
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 81b9258..89b9c64 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 composer.lock
 phpunit.xml
 vendor
+.php-version
From db0863a8a59fdfc2e74b3e483845afc677800315 Mon Sep 17 00:00:00 2001
From: Bruce Weirdan
Date: Sun, 20 Dec 2015 19:31:01 +0200
Subject: [PATCH 2/3] accept DES hashes (as native password_verify() does)
---
 lib/password.php | 4 ++--
 test/Unit/PasswordVerifyTest.php | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/password.php b/lib/password.php
index f07fafb..9bd56ea 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -12,7 +12,7 @@ if (!defined('PASSWORD_BCRYPT')) {
 /**
 * PHPUnit Process isolation caches constants, but not function declarations.
- * So we need to check if the constants are defined separately from
+ * So we need to check if the constants are defined separately from
 * the functions to enable supporting process isolation in userland
 * code.
 */
@@ -236,7 +236,7 @@ function password_verify($password, $hash) {
 return false;
 }
 $ret = crypt($password, $hash);
- if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) {
+ if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) < 13) {
 return false;
 }
diff --git a/test/Unit/PasswordVerifyTest.php b/test/Unit/PasswordVerifyTest.php
index 9f67bb9..b6d4116 100644
--- a/test/Unit/PasswordVerifyTest.php
+++ b/test/Unit/PasswordVerifyTest.php
@@ -1,7 +1,7 @@ assertTrue(function_exists('password_verify')); }
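Review bot: The bare `13` in the length guard of password_verify() should carry a comment, because after this change it is the only thing separating a traditional DES crypt() result (13 bytes) from a too-short crypt() failure value. I would add above the `if`: `// 13 bytes is a traditional DES crypt() hash; anything shorter is treated as a crypt() failure`. Accepting these hashes matches the native function, as the subject says, but traditional DES crypt() uses only the first eight characters of the password and a two-character salt, so the function's docblock should tell callers to follow a successful verify with `password_needs_rehash()` and store a fresh hash. The docblock and the comparison of `$ret` with `$hash` lie outside this hunk.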
@@ -26,4 +26,8 @@ public function testInValidHash() {
 $this->assertFalse(password_verify('rasmuslerdorf', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hj'));
 }
-}
\ No newline at end of file
+ public function testDesHashesAreAccepted() {
+ $this->assertTrue(password_verify('rasmuslerdorf', crypt('rasmuslerdorf', 'AB')));
+ }
+
+}
From 7f1fafc9eecd49c393e73e556b7b46d76df44a57 Mon Sep 17 00:00:00 2001
From: Bruce Weirdan
Date: Sun, 20 Dec 2015 20:15:00 +0200
Subject: [PATCH 3/3] Revert "ignore phpenv config"
This reverts commit 72b984568c7a16f5744b653703f28f5f8d7fa4f5.
Keep grumpy people happy.
---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 89b9c64..81b9258 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 composer.lock
 phpunit.xml
 vendor
-.php-version
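Review bot: testDesHashesAreAccepted() asserts only the accepting path, so a regression that accepted any password for a DES hash would still pass it. A rejecting case next to it would pin the behaviour: `$this->assertFalse(password_verify('wrongpassword', crypt('rasmuslerdorf', 'AB')));`. The hash is also produced by crypt() at run time, so the test presumably depends on the platform's crypt() supporting the two-character DES salt; a short comment saying so would help whoever sees it fail.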