> On 23 Aug 2015, at 18:37, Thomas Bley <ma...@thomasbley.de> wrote:
>
>
> consider this code:
>
> declare(strict_types=0);
> ini_set('display_errors', '1');
>
> function get_random_int(): int {
> return false;
> }
> echo get_random_int();
>
> and then use strict_types=1
So you're implying that in case of returning false with strict_types turned on
that would just throw a TypeError? That would be a bug in PHP. If you were
saying that in this case it should throw a different kind of error (the one
that was proposed by Anthony initially) then it wouldn't make sense again
because then you're creating a straight relation between having strict_types
mode turned on and random_int() throwing exception about not getting a reliable
source of entropy.
> Even correct return values of random_int() might create bad passwords.
> So I propose to have a function in core which tests the strength of the
> password:
>
> $password = '';
> for ($i = 0; $i < 10; $i++) {
> $password .= $characters[random_int(0, 30)];
> }
> if (password_strength($password) < PHP_PASSWORD_STRONG) {
> throw new Exception("password not strong enough");
> }
I don't think it's a good idea, a language delivers features that user would
have a hard time implementing themselves, a small blocks from which you can
build whatever you want. A function that checks if a string contains
alpha-numeric symbols as well as punctuation is pretty easy to implement in
user land.
PS sorry Thomas, I sent it to you personally, not to ML
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
