verify_hash() public method

The method and salt used for the crypted hash is determined automatically, then the clear text password is crypted using the same method. If both hashs match true is is returned else false
Author: Andreas Gohr (andi@splitbrain.org)
public verify_hash ( string $clear, string $hash ) : boolean
$clear string Clear-Text password
$hash string Hash to compare against
return boolean
PassHash Class Documentation
Esempio n. 1
0
 /**
  * Check user+password
  *
  * @param   string $user the user name
  * @param   string $pass the clear text password
  * @return  bool
  */
 public function checkPass($user, $pass)
 {
     $data = $this->_selectUser($user);
     if ($data == false) {
         return false;
     }
     if (isset($data['hash'])) {
         // hashed password
         $passhash = new PassHash();
         return $passhash->verify_hash($pass, $data['hash']);
     } else {
         // clear text password in the database O_o
         return $pass == $data['clear'];
     }
 }
Esempio n. 2
0
/**
 * Verifies a cleartext password against a crypted hash
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param  string $clear The clear text password
 * @param  string $crypt The hash to compare with
 * @return bool true if both match
 */
function auth_verifyPassword($clear, $crypt)
{
    $pass = new PassHash();
    return $pass->verify_hash($clear, $crypt);
}
Esempio n. 3
0
}
if (isset($_SESSION['user'])) {
    $smarty->assign('loggedIn', true);
} else {
    if (isset($_POST['user']) and isset($_POST['password'])) {
        $handle = fopen("DokuWiki/users.auth.php", "r");
        if ($handle) {
            while (($line = fgets($handle)) !== false) {
                if (startsWith($line, $_POST['user'])) {
                    // do the auth
                    $lineExplode = explode(":", $line);
                    if ($lineExplode[0] != $_POST['user']) {
                        continue;
                    }
                    $cHash = new PassHash();
                    if ($cHash->verify_hash($_POST['password'], $lineExplode[1])) {
                        $_SESSION['user'] = $_POST['user'];
                        $_SESSION['groups'] = array_map('trim', explode(",", $lineExplode[4]));
                        $smarty->assign('loggedIn', true);
                        header("Location: index.php");
                        exit;
                    } else {
                        error_log("Login attempt with wrong credentials for user: " . $_POST['user']);
                    }
                }
            }
            fclose($handle);
        } else {
            // error opening the file.
        }
    }
Esempio n. 4
0
 /**
  * Check user+password
  *
  * @param   string $user the user name
  * @param   string $pass the clear text password
  * @return  bool
  */
 public function checkPass($user, $pass)
 {
     $userdata = $this->_selectUser($user);
     if ($userdata == false) {
         return false;
     }
     // password checking done in SQL?
     if ($this->_chkcnf(array('check-pass'))) {
         $userdata['clear'] = $pass;
         $userdata['hash'] = auth_cryptPassword($pass);
         $result = $this->_query($this->getConf('check-pass'), $userdata);
         if ($result === false) {
             return false;
         }
         return count($result) == 1;
     }
     // we do password checking on our own
     if (isset($userdata['hash'])) {
         // hashed password
         $passhash = new PassHash();
         return $passhash->verify_hash($pass, $userdata['hash']);
     } else {
         // clear text password in the database O_o
         return $pass === $userdata['clear'];
     }
 }