/**
 * Check whether an input matches a previously generated hash.
 *
 * Layout of $hash as read by this method:
 *   - bytes 0-15:  salt
 *   - bytes 16-31: cost blob, compared against costHash()
 *   - bytes 28-31: the encrypted cost bytes (the tail of the cost blob)
 *
 * The cost blob is compared first. If it does not match, the method returns
 * false without calling build(), so a cost value that fails that check never
 * drives the iterative hash.
 *
 * NOTE(review): both comparisons go through Str::equal, presumably a
 * timing-safe comparison; confirm against the Str class.
 * NOTE(review): a $hash shorter than 32 bytes is not rejected explicitly
 * here; confirm how Str::substr and the comparisons behave on short input.
 *
 * @param string $input    Input to test.
 * @param string $hash     Known hash to validate against.
 * @param string $password HMAC password to use during iterative hash.
 *
 * @return bool True only when the cost blob matches and the rebuilt hash equals $hash.
 */
public static function verify($input, $hash, $password)
{
    // The first 16 bytes of the stored hash are the salt.
    $saltBytes = Str::substr($hash, 0, 16);

    // The 4 bytes at offset 28 are the encrypted cost; Otp::crypt with the
    // password recovers the binary value, which bin2dec turns into a number.
    $encryptedCost = Str::substr($hash, 28, 4);
    $iterations = self::bin2dec(Otp::crypt($encryptedCost, $password));

    // The 16 bytes after the salt are the full cost+hash blob.
    $storedCostBlob = Str::substr($hash, 16, 16);

    // Check the stored blob against one recomputed from cost, salt and
    // password before building the full hash.
    $expectedCostBlob = self::costHash($iterations, $saltBytes, $password);
    $costIsAuthentic = Str::equal($expectedCostBlob, $storedCostBlob);

    if (!$costIsAuthentic) {
        return false;
    }

    // Rebuild the hash with the recovered parameters and compare it to the stored one.
    $rebuiltHash = self::build($input, $password, $iterations, $saltBytes);

    return Str::equal($hash, $rebuiltHash);
}
/**
 * Relation getter for the Otp records linked to this record.
 *
 * The link maps the related record's `user_id` column to this record's `id`.
 *
 * @return \yii\db\ActiveQuery
 */
public function getOtps()
{
    // Key: column on the related Otp record; value: column on this record.
    $link = ['user_id' => 'id'];
    $relatedClass = Otp::className();

    return $this->hasMany($relatedClass, $link);
}