/** * checking a password against a hash * * @param string $password Password * @param string $hash Hash of stored password * @param string $email * @return bool */ function check($password, $hash, $email = '') { Timers::start('hash_check'); $password = $this->salt($password, $email); if (PASSWORD_HASH == 'PBKDF2') { $return = $this->pbkdf2_check($password, $hash, PBKDF2_SALT, PBKDF2_BINARY, PBKDF2_ITERATIONS, PBKDF2_KEY_LENGTH, PBKDF2_ALGORITHM); } else { if (PASSWORD_HASH == 'bcrypt') { $return = $this->bcrypt_check($password, $hash); } else { if (PASSWORD_HASH == 'scrypt') { $return = $this->scrypt_check($password, $hash, SCRYPT_PEPPER, SCRYPT_KEY_LENGTH); } } } Timers::stop('hash_check'); return $return; }