public function __construct($cost = 9) { if (CRYPT_BLOWFISH != 1) { throw new OSS_Crypt_Exception('CRYPT_BLOWFISH unavailable. See http://php.net/crypt'); } self::$_cost = $cost; }
/** * A generic password verification function for various hashing methods using a given configuration array * * @see hash() for full documentation * * @param string $pwplain The plaintext password * @param string $pwhash The hashed password to use for verification * @param array $config The resources.auth.oss array from `application.ini` * @throws OSS_Exception * @return bool True if the passwords match */ public static function verify($pwplain, $pwhash, $config) { $hash = self::HASH_UNKNOWN; if (is_array($config)) { if (!isset($config['pwhash'])) { throw new OSS_Exception('Cannot verify password without a hash method'); } $hash = $config['pwhash']; } else { $hash = $config; } switch ($config['pwhash']) { case self::HASH_BCRYPT: if (!isset($config['hash_cost'])) { $config['hash_cost'] = 9; } $bcrypt = new OSS_Crypt_Bcrypt($config['hash_cost']); return $bcrypt->verify($pwplain, $pwhash); break; } if (substr($hash, 0, 6) == 'crypt:') { return crypt($pwplain, $pwhash) == $pwhash; } if (substr($hash, 0, 8) == 'dovecot:') { return ViMbAdmin_Dovecot::passwordVerify(substr($hash, 8), $pwhash, $pwplain, $config['username']); } return $pwhash == self::hash($pwplain, $config); }