public static function validatePassword($handle, $password)
{
$handle = UserDatabase::sanitize($handle);
$password = UserDatabase::sanitize($password);
$selectQuery = "SELECT userPasswordHash from Users WHERE userHandle=:handle";
try {
# Get Database
$db = Database::getDB();
# Get User Salt
$salt = UserDatabase::getUserSalt($handle, $db);
# Parse .ini Config File
$configPath = dirname(__FILE__) . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "userConfig.ini";
if (($passArray = parse_ini_file($configPath)) === null) {
return false;
}
$method = $passArray["method"];
$hashPassword = $passArray["password"];
$initVector = $passArray["initVector"];
# Hash Password
$calculatedHash = $password . $salt;
$calculatedHash = openssl_encrypt($calculatedHash, $method, $hashPassword, 0, $initVector);
# Get Stored Password Hash
$statement = $db->prepare($selectQuery);
$statement->bindParam(":handle", $handle);
$statement->execute();
$userHashSets = $statement->fetchAll(PDO::FETCH_ASSOC);
$statement->closeCursor();
foreach ($userHashSets as $userHash) {
$storedHash = $userHash["userPasswordHash"];
}
if (empty($storedHash)) {
return false;
}
# Compare Hashes
return hash_equals($calculatedHash, $storedHash);
} catch (Exception $e) {
return false;
}
}
