protected function checkYAF($Password, $StoredHash)
{
if (strpos($StoredHash, '$') === false) {
return md5($Password) == $StoredHash;
} else {
ini_set('mbstring.func_overload', "0");
list($Method, $Salt, $Hash, $Compare) = explode('$', $StoredHash);
$Salt = base64_decode($Salt);
$Hash = bin2hex(base64_decode($Hash));
$Password = mb_convert_encoding($Password, 'UTF-16LE');
// There are two ways of building the hash string in yaf.
if ($Compare == 's') {
// Compliant with ASP.NET Membership method of hash/salt
$HashString = $Salt . $Password;
} else {
// The yaf algorithm has a quirk where they knock a
$HashString = substr($Password, 0, -1) . $Salt . chr(0);
}
$CalcHash = hash($Method, $HashString);
return $Hash == $CalcHash;
}
}