/** * Checks the plaintext password against the encrypted Password. * * Maintains compatibility between old version and the new cookie authentication * protocol using PHPass library. The $hash parameter is the encrypted password * and the function compares the plain text password when encypted similarly * against the already encrypted password to see if they match. * * For integration with other applications, this function can be overwritten to * instead use the other package password checking algorithm. * * @since nxt 2.5 * @global object $nxt_hasher PHPass object used for checking the password * against the $hash + $password * @uses PasswordHash::CheckPassword * * @param string $password Plaintext user's password * @param string $hash Hash of the user's password to check against. * @return bool False, if the $password does not match the hashed password */ function check_password($password, $hash, $user_id = '') { global $nxt_hasher, $nxt_users_object; list($hash, $broken) = array_pad(explode('---', $hash), 2, ''); // If the hash is still md5... if (strlen($hash) <= 32) { $check = $hash == md5($password); if ($check && $user_id && !$broken) { // Rehash using new hash. $nxt_users_object->set_password($password, $user_id); $hash = nxt_Pass::hash_password($password); } return apply_filters('check_password', $check, $password, $hash, $user_id); } // If the stored hash is longer than an MD5, presume the // new style phpass portable hash. if (empty($nxt_hasher)) { require_once BACKPRESS_PATH . 'class.passwordhash.php'; // By default, use the portable hash from phpass $nxt_hasher = new PasswordHash(8, TRUE); } $check = $nxt_hasher->CheckPassword($password, $hash); return apply_filters('check_password', $check, $password, $hash, $user_id); }
/** * set_password() - Updates the user's password with a new encrypted one * * For integration with other applications, this function can be * overwritten to instead use the other package password checking * algorithm. * * @since 2.5 * @uses nxt_Pass::hash_password() Used to encrypt the user's password before passing to the database * * @param string $password The plaintext new user password * @param int $user_id User ID */ function set_password($password, $user_id) { $user = $this->get_user($user_id); if (!$user || is_nxt_error($user)) { return $user; } $user_id = $user->ID; $hash = nxt_Pass::hash_password($password); $this->update_user($user->ID, array('user_pass' => $password)); }
function bb_hash_password($password) { return nxt_Pass::hash_password($password); }