/**
* Compares a given hash with a clean text password by figuring out the
* algorithm that has been used and then calling the appropriate sub-class
*
* @see cryptography.MD5#compare()
* @see cryptography.SHA1#compare()
* @see cryptography.PBKDF2#compare()
*
* @param string $input
* the cleartext password
* @param string $hash
* the hash the password should be checked against
* @param boolean $isHash
* @return boolean
* the result of the comparison
*/
public static function compare($input, $hash, $isHash = false)
{
$version = substr($hash, 0, 8);
if ($isHash == true) {
return $input == $hash;
} elseif ($version == 'PBKDF2v1') {
// salted PBKDF2
return PBKDF2::compare($input, $hash);
} elseif (strlen($hash) == 40) {
// legacy, unsalted SHA1
return SHA1::compare($input, $hash);
} elseif (strlen($hash) == 32) {
// legacy, unsalted MD5
return MD5::compare($input, $hash);
} else {
// the hash provided doesn't make any sense
return false;
}
}
