From 65a88e9c53341de0dc4f71d0497f78df20702107 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 22 May 2023 15:33:44 +0200
Subject: Type annotations, better RNG
---
 inc/arrayutil.inc.php | 6 ++----
 inc/crypto.inc.php | 12 +++++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/inc/arrayutil.inc.php b/inc/arrayutil.inc.php
index d930a254..9ce5730f 100644
--- a/inc/arrayutil.inc.php
+++ b/inc/arrayutil.inc.php
@@ -10,7 +10,7 @@ class ArrayUtil
 * @param string $key
 * @return array
 */
- public static function flattenByKey(array $list, string $key)
+ public static function flattenByKey(array $list, string $key): array
 {
 return array_column($list, $key);
 }
@@ -21,7 +21,7 @@ class ArrayUtil
 * @param array $arrays
 * @return array
 */
- public static function mergeByKey(array $arrays)
+ public static function mergeByKey(array $arrays): array
 {
 $empty = array_combine(array_keys($arrays), array_fill(0, count($arrays), false));
 $out = [];
@@ -57,8 +57,6 @@ class ArrayUtil
 */
 public static function hasAllKeys(array $array, array $keyList): bool
 {
- if (!is_array($array))
- return false;
 foreach ($keyList as $key) {
 if (!isset($array[$key]))
 return false;
diff --git a/inc/crypto.inc.php b/inc/crypto.inc.php
index eb0d344f..d26a94ab 100644
--- a/inc/crypto.inc.php
+++ b/inc/crypto.inc.php
@@ -8,20 +8,22 @@ class Crypto
 * which translates to ~130 bit salt
 * and 5000 rounds of hashing with SHA-512.
 */
- public static function hash6($password)
+ public static function hash6(string $password): string
 {
 $salt = substr(str_replace('+', '.',
- base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 16);
+ base64_encode(Util::randomBytes(16))), 0, 16);
 $hash = crypt($password, '$6$' . $salt);
- if (strlen($hash) < 60) ErrorHandler::traceError('Error hashing password using SHA-512');
+ if ($hash === null || strlen($hash) < 60) {
+ ErrorHandler::traceError('Error hashing password using SHA-512');
+ }
 return $hash;
 }
 /**
- * Check if the given password matches the given cryp hash.
+ * Check if the given password matches the given crypt hash.
 * Useful for checking a hashed password.
 */
- public static function verify($password, $hash)
+ public static function verify(string $password, string $hash): bool
 {
 return crypt($password, $hash) === $hash;
 }
--
cgit v1.2.3-55-g7522
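Review bot: `verify()` still compares the recomputed hash with `===`, which is not a constant-time comparison. The PHP manual recommends `hash_equals()` for crypt() output, so the return line would be better as `return hash_equals($hash, crypt($password, $hash));` (`password_verify($password, $hash)` also accepts crypt-format hashes). In `hash6()`, the added `$hash === null` test looks unreachable on PHP 8, where crypt() signals failure with a short `*0`/`*1` string that `strlen($hash) < 60` already catches; whether that failure token is still returned afterwards depends on whether `ErrorHandler::traceError()` halts, which is not visible in this hunk. The salt now depends entirely on `Util::randomBytes()`, which is also outside this diff, so it is worth confirming that it wraps `random_bytes()` and throws rather than returning a short or empty string. The new `string $hash` parameter type would presumably turn a NULL stored hash into a TypeError instead of a `false` result, so callers on the login path should be checked for that case.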