Gdn_PasswordHash::checkYAF PHP Method

checkYAF() protected method

Check a YAF hash.
protected checkYAF ( string $Password, string $StoredHash ) : boolean
$Password string The plaintext password to check.
$StoredHash string The password hash stored in the database.
return boolean Returns **true** if the password matches the hash or **false** if it doesn't.
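    /**
     * Check a password against a legacy YAF (YetAnotherForum) hash.
     *
     * Two stored formats are handled:
     *  - a string without a `$`, compared against the unsalted MD5 hex digest of the password;
     *  - `method$salt$hash$compare`, where `salt` and `hash` are base64 encoded, `method` is a
     *    hash() algorithm name and `compare` selects how salt and password are concatenated.
     *
     * Digests are compared with hash_equals() rather than `==`. A loose comparison treats two
     * different digests that both look like numbers (for example `0e` followed by digits) as
     * equal, and it also treats a failed hash() call as equal to an empty stored digest.
     *
     * NOTE(review): both formats are weak by current standards (unsalted MD5, a single fast hash
     * round). This method only verifies them; rehashing with password_hash() after a successful
     * check is presumably the caller's job — confirm.
     *
     * @param string $Password The plaintext password to check.
     * @param string $StoredHash The password hash stored in the database.
     * @return bool Returns **true** if the password matches the hash or **false** if it doesn't.
     */
    protected function checkYAF($Password, $StoredHash)
    {
        $StoredHash = (string)$StoredHash;

        if (strpos($StoredHash, '$') === false) {
            // Legacy unsalted MD5: exact, constant-time string comparison, no type juggling.
            return hash_equals(md5($Password), $StoredHash);
        }

        // Kept from the original, which wants the byte-wise substr() below.
        // NOTE(review): this setting may not be changeable at runtime and no longer exists
        // in PHP 8 — confirm whether the call still has any effect.
        ini_set('mbstring.func_overload', "0");

        // Pad so that a record with fewer than four fields yields empty strings instead of
        // undefined-offset warnings; a missing compare flag still selects the quirk branch.
        list($Method, $Salt, $Hash, $Compare) = array_pad(explode('$', $StoredHash), 4, '');

        // Refuse algorithms hash() does not know. hash() matches names case-insensitively,
        // so the lookup is done on the lower-cased name.
        if (!in_array(strtolower($Method), hash_algos(), true)) {
            return false;
        }

        $Salt = base64_decode($Salt);
        $Hash = bin2hex(base64_decode($Hash));
        if ($Hash === '') {
            // An empty stored digest can never be a valid match.
            return false;
        }

        $Password = mb_convert_encoding($Password, 'UTF-16LE');

        // There are two ways of building the hash string in yaf.
        if ($Compare === 's') {
            // Compliant with ASP.NET Membership method of hash/salt
            $HashString = $Salt . $Password;
        } else {
            // The yaf quirk: the last byte of the UTF-16LE password is dropped, the salt is
            // appended and a single NUL byte closes the string.
            $HashString = substr($Password, 0, -1) . $Salt . chr(0);
        }

        return hash_equals(hash($Method, $HashString), $Hash);
    }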