public function __construct($cost = 9)
{
if (CRYPT_BLOWFISH != 1) {
throw new OSS_Crypt_Exception('CRYPT_BLOWFISH unavailable. See http://php.net/crypt');
}
self::$_cost = $cost;
}
/**
* A generic password verification function for various hashing methods using a given configuration array
*
* @see hash() for full documentation
*
* @param string $pwplain The plaintext password
* @param string $pwhash The hashed password to use for verification
* @param array $config The resources.auth.oss array from `application.ini`
* @throws OSS_Exception
* @return bool True if the passwords match
*/
public static function verify($pwplain, $pwhash, $config)
{
$hash = self::HASH_UNKNOWN;
if (is_array($config)) {
if (!isset($config['pwhash'])) {
throw new OSS_Exception('Cannot verify password without a hash method');
}
$hash = $config['pwhash'];
} else {
$hash = $config;
}
switch ($config['pwhash']) {
case self::HASH_BCRYPT:
if (!isset($config['hash_cost'])) {
$config['hash_cost'] = 9;
}
$bcrypt = new OSS_Crypt_Bcrypt($config['hash_cost']);
return $bcrypt->verify($pwplain, $pwhash);
break;
}
if (substr($hash, 0, 6) == 'crypt:') {
return crypt($pwplain, $pwhash) == $pwhash;
}
if (substr($hash, 0, 8) == 'dovecot:') {
return ViMbAdmin_Dovecot::passwordVerify(substr($hash, 8), $pwhash, $pwplain, $config['username']);
}
return $pwhash == self::hash($pwplain, $config);
}
