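/**
 * Checks a raw password against an encoded (stored) password hash.
 *
 * The scheme is selected by the prefix of the stored hash:
 *  - '$S$'        : sha512-based hash.
 *  - '$P$', '$H$' : md5-based phpass hash (imported or from an older install).
 *  - 'U$...'      : one of the above, computed over md5($raw) instead of $raw.
 *
 * The md5-based schemes are accepted only so that existing accounts can still
 * log in. After a successful check the caller should re-hash the password
 * with the sha512 scheme and store the new value.
 *
 * @param string $encoded An encoded password
 * @param string $raw     A raw password
 * @param string $salt    The salt. Not read by this method; the stored hash
 *                        itself is what gets passed to _password_crypt().
 *
 * @return Boolean true if the password is valid, false otherwise
 */
public function isPasswordValid($encoded, $raw, $salt)
{
    if (substr($encoded, 0, 2) === 'U$') {
        // This may be an updated password from user_update_7000(). Such hashes
        // have 'U' added as the first character and need an extra md5().
        $stored_hash = substr($encoded, 1);
        $raw = md5($raw);
    } else {
        $stored_hash = $encoded;
    }

    $type = substr($stored_hash, 0, 3);
    switch ($type) {
        case '$S$':
            // A normal Drupal 7 password using sha512.
            $hash = _password_crypt('sha512', $raw, $stored_hash);
            break;

        case '$H$':
            // phpBB3 uses "$H$" for the same thing as "$P$".
        case '$P$':
            // A phpass password generated using md5. This is an
            // imported password or from an earlier Drupal version.
            $hash = _password_crypt('md5', $raw, $stored_hash);
            break;

        default:
            // Unknown or empty prefix: fail closed rather than guess a scheme.
            return false;
    }

    // _password_crypt() may signal failure with a non-string value, so reject
    // that before comparing. hash_equals() (PHP >= 5.6) compares in constant
    // time and never applies the type juggling that `==` does.
    return is_string($hash)
        && $hash !== ''
        && hash_equals((string) $stored_hash, $hash);
}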
/**
 * Produces a salted hash for a plain-text password.
 *
 * @param $password
 *   A plain-text password.
 * @param $count_log2
 *   Optional integer to specify the iteration count. When empty, the value is
 *   looked up with variable_get('password_count_log2', DRUPAL_HASH_COUNT).
 *   A lower count makes every resulting hash cheaper to brute-force, so it
 *   should only be lowered for mass operations, and those hashes should be
 *   regenerated at the normal cost afterwards.
 *
 * @return
 *   A string containing the hashed password (and a salt), or FALSE on failure.
 */
function user_hash_password($password, $count_log2 = 0)
{
    // An empty count (0, null, '') selects the standard iteration count.
    $iterations = empty($count_log2)
        ? variable_get('password_count_log2', DRUPAL_HASH_COUNT)
        : $count_log2;

    $salt_setting = _password_generate_salt($iterations);

    // NOTE(review): other code on this page calls _password_crypt() with an
    // algorithm name as the first argument ('sha512' or 'md5'). Confirm that
    // this two-argument call matches the signature of the _password_crypt()
    // actually loaded, otherwise the password is passed in the wrong position.
    return _password_crypt($password, $salt_setting);
}
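/**
 * Hash a password for Drupal, by using Drupal's password.inc.
 *
 * Set the location of your Drupal installation with
 * $this->cnf['DrupalRoot'] in your configuration file. The value is
 * concatenated directly with 'includes/password.inc', so it must end with a
 * directory separator.
 *
 * The path is passed to require_once, so it must only ever come from
 * administrator-controlled configuration, never from request data.
 *
 * @param string $password Plaintext password
 * @param string $hashedpw Pre-hashed password from the Drupal DB
 *
 * @return String|false The hash of the password/pre-hash given, or false when
 *                      Drupal's password.inc could not be loaded. Compare the
 *                      result with the stored hash using hash_equals(), not
 *                      `==`.
 *
 * @author Alex Shepherd <n00bATNOSPAMn00bsys0p.co.uk>
 **/
function _hashPW($password, $hashedpw)
{
    $passwordInc = $this->cnf['DrupalRoot'] . 'includes/password.inc';

    // A bare require_once aborts with a fatal error when the file is missing,
    // so the configuration error below could never be reported. Only include
    // the file when it can actually be found.
    if (is_file($passwordInc) || stream_resolve_include_path($passwordInc) !== false) {
        require_once $passwordInc;
    }

    // function_exists() takes the function name as a string; the unquoted
    // form is an undefined constant (an Error on PHP 8).
    if (!function_exists('_password_crypt')) {
        msg("Drupal installation not found. Please check your configuration", -1, __LINE__, __FILE__);
        $this->success = false;

        // Stop here: calling the missing function would be a fatal error.
        return false;
    }

    return _password_crypt('sha512', $password, $hashedpw);
}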