Maintains compatibility between old version and the new cookie authentication
protocol using PHPass library. The $hash parameter is the encrypted password
and the function compares the plain text password when encrypted similarly
against the already encrypted password to see if they match.
For integration with other applications, this function can be overwritten to
instead use the other package password checking algorithm.
| public check ( string $password, string $hash, string | integer $user_id = '' ) : boolean | ||
| $password | string | Plaintext user's password |
| $hash | string | Hash of the user's password to check against. |
| $user_id | string | integer | Optional. User ID. |
| return | boolean | False, if the $password does not match the hashed password |
public function testPasswordService()
{
$checker = new PasswordService();
$this->assertTrue($checker->check('admin', $checker->makeHash('admin')));
$this->assertTrue($checker->check('admin', '$P$BrYiES.08ardK6pQme0LdlmQ0idrIe/'));
$this->assertTrue($checker->check('rEn2b2N3TX', $checker->makeHash('rEn2b2N3TX')));
$this->assertTrue($checker->check('+0q?\'t&SBT\'*2VBk7UE(,uj6UG23Us', $checker->makeHash('+0q?\'t&SBT\'*2VBk7UE(,uj6UG23Us')));
}
/**
* Validate a user against the given credentials.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
if (!isset($credentials['password'])) {
return false;
}
$passwordService = new PasswordService();
return $passwordService->check($credentials['password'], $user->user_pass);
}
