/** * Compares a given hash with a clean text password by figuring out the * algorithm that has been used and then calling the appropriate sub-class * * @see cryptography.MD5#compare() * @see cryptography.SHA1#compare() * @see cryptography.PBKDF2#compare() * * @param string $input * the cleartext password * @param string $hash * the hash the password should be checked against * @param boolean $isHash * @return boolean * the result of the comparison */ public static function compare($input, $hash, $isHash = false) { $version = substr($hash, 0, 8); if ($isHash == true) { return $input == $hash; } elseif ($version == 'PBKDF2v1') { // salted PBKDF2 return PBKDF2::compare($input, $hash); } elseif (strlen($hash) == 40) { // legacy, unsalted SHA1 return SHA1::compare($input, $hash); } elseif (strlen($hash) == 32) { // legacy, unsalted MD5 return MD5::compare($input, $hash); } else { // the hash provided doesn't make any sense return false; } }