public CheckPassword ( String $password, String $stored_hash ) : boolean | ||
$password | String | |
$stored_hash | String | |
Résultat | boolean |
/** * Check the given plain value against a hash. * * @param string $value * @param string $hashedValue * @param array $options * @return bool */ public function check($value, $hashedValue, array $options = []) { if (strlen($hashedValue) === 0) { return false; } return $this->hasher->CheckPassword($value, $hashedValue); }
public function testPortableHashes() { $hasher = new PasswordHash(8, true); $correct = 'test12345'; $wrong = 'test12346'; $this->assertTrue($hasher->CheckPassword($correct, self::PORTABLE_HASH)); $this->assertFalse($hasher->CheckPassword($wrong, self::PORTABLE_HASH)); }
/** * Checks the plaintext password against the encrypted Password. * * Maintains compatibility between old version and the new cookie authentication * protocol using PHPass library. The $hash parameter is the encrypted password * and the function compares the plain text password when encrypted similarly * against the already encrypted password to see if they match. * * @uses PasswordHash::CheckPassword * * @param string $password Plaintext user's password * @param string $hash Hash of the user's password to check against. * * @return bool False, if the $password does not match the hashed password */ public function check($password, $hash) { // If the hash is still md5... if (strlen($hash) <= 32) { return $hash == md5($password); } // If the stored hash is longer than an MD5, presume the // new style phpass portable hash. return $this->wp_hasher->CheckPassword($password, $hash); }
/** * Check a user login request for username/password combinations. * * @param string $userName * @param string $password * * @return boolean */ protected function loginCheckPassword($userName, $password) { if (!($userEntity = $this->getUserEntity($userName))) { return false; } $hasher = new PasswordHash($this->app['access_control.hash.strength'], true); if (!$hasher->CheckPassword($password, $userEntity->getPassword())) { $this->loginFailed($userEntity); return false; } return $this->loginFinish($userEntity); }
/** * @param Post $post * @param Request $request * @param string $cookieHash * * @return bool */ public function isPasswordRequired(Post $post, Request $request, $cookieHash) { if (!$post->getPassword()) { return false; } $cookies = $request->cookies; if (!$cookies->has('wp-postpass_' . $cookieHash)) { return true; } $hash = stripslashes($cookies->get('wp-postpass_' . $cookieHash)); if (0 !== strpos($hash, '$P$B')) { return true; } $wpHasher = new PasswordHash(8, true); return !$wpHasher->CheckPassword($post->getPassword(), $hash); }
public function testSetRandomPassword() { $app = $this->getApp(); $this->addDefaultUser($app); $entityName = 'Bolt\\Storage\\Entity\\Users'; $repo = $app['storage']->getRepository($entityName); $logger = $this->getMock('\\Monolog\\Logger', ['info'], ['testlogger']); $logger->expects($this->atLeastOnce())->method('info')->with($this->equalTo("Password for user 'admin' was reset via Nut.")); $app['logger.system'] = $logger; $password = new Password($app); $newPass = $password->setRandomPassword('admin'); $userEntity = $repo->getUser('admin'); $hasher = new PasswordHash($app['access_control.hash.strength'], true); $compare = $hasher->CheckPassword($newPass, $userEntity->getPassword()); $this->assertTrue($compare); $this->assertEmpty($userEntity->getShadowpassword()); $this->assertEmpty($userEntity->getShadowtoken()); $this->assertNull($userEntity->getShadowvalidity()); }
/** * Attempt to login a user with the given password and username. * * @param string $username * @param string $password * * @return boolean */ protected function loginUsername($username, $password) { $userslug = $this->app['slugify']->slugify($username); // for once we don't use getUser(), because we need the password. $query = sprintf('SELECT * FROM %s WHERE username=?', $this->usertable); $query = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($query, 1); $user = $this->db->executeQuery($query, array($userslug), array(\PDO::PARAM_STR))->fetch(); if (empty($user)) { $this->session->getFlashBag()->add('error', Trans::__('Username or password not correct. Please check your input.')); return false; } $hasher = new PasswordHash($this->hashStrength, true); if ($hasher->CheckPassword($password, $user['password'])) { if (!$user['enabled']) { $this->session->getFlashBag()->add('error', Trans::__('Your account is disabled. Sorry about that.')); return false; } $this->updateUserLogin($user); $this->setAuthToken(); return true; } else { $this->loginFailed($user); return false; } }
/** * Validate a user against the given credentials. * * @param \Illuminate\Auth\UserInterface $user * @param array $credentials * @return bool */ public function validateCredentials(UserInterface $user, array $credentials) { $plain = $credentials['password']; return $this->hasher->CheckPassword($plain, $user->getAuthPassword()); }
/** * Check if users can be logged on. * * @return boolean */ private function checkLogin($data) { if (empty($data['password'])) { return false; } $hasher = new PasswordHash(12, true); // dump($this->config); // If we only use the password, the 'users' array is just one element. if ($this->config['password_only']) { $visitors = array('visitor' => $this->config['password']); $data['username'] = '******'; } else { $visitors = $this->config['visitors']; } foreach ($visitors as $visitor => $password) { if ($data['username'] === $visitor) { // echo "user match!"; if ($this->config['encryption'] == 'md5' && md5($data['password']) === $password) { return $visitor; } elseif ($this->config['encryption'] == 'password_hash' && $hasher->CheckPassword($data['password'], $password)) { return $visitor; } elseif ($this->config['encryption'] == 'plaintext' && $data['password'] === $password) { return $visitor; } } } // If we get here, no dice. return false; }
function it_returns_false_if_the_hashed_password_is_empty(PasswordHash $hasher) { $hasher->CheckPassword()->shouldNotBeCalled(); $this->check('password', '')->shouldReturn(false); }
/** * Checks that a submitted password matches the users password * * @param \CMF\Auth\User $user * @param string $submitted_password * * @return bool */ public static function has_password(User $user, $submitted_password) { $user_password = @stream_get_contents($user->get('encrypted_password')); if (empty($user_password) || $user_password === false || empty($submitted_password)) { return false; } $hasher = new PasswordHash(8, false); return $hasher->CheckPassword($submitted_password, $user_password); }
unset($_SESSION['username']); echo '<p>Goodbye!</p>'; header("Location: index.php"); } else { //select hashed password for given username $selectQuery = "SELECT pass FROM admins WHERE username = :username"; $selectStatement = $db->prepare($selectQuery); $selectStatement->bindValue(':username', $username, PDO::PARAM_INT); $selectStatement->execute(); $select = $selectStatement->fetch(); //if a user/pass is found if (!empty($select)) { //this is an instance of phpass. $hasher = new PasswordHash($hash_cost_log2, $hash_portable); //if passwords match(phpass does the heavy lifting) if ($hasher->CheckPassword($pass, $select['pass'])) { //store username $_SESSION['username'] = $username; //go back to index header("Location: index.php"); } else { echo '<p>Incorrect password</p>'; } } else { echo '<p>User not found.</p>'; } unset($hasher); } ?> </div> <!-- END CONTENT --> </div> <!-- END container -->