Esempio n. 1
0
 /**
  * Checks the plaintext password against the encrypted Password.
  *
  * Maintains compatibility between old version and the new cookie authentication
  * protocol using PHPass library. The $hash parameter is the encrypted password
  * and the function compares the plain text password when encypted similarly
  * against the already encrypted password to see if they match.
  *
  * For integration with other applications, this function can be overwritten to
  * instead use the other package password checking algorithm.
  *
  * @since nxt 2.5
  * @global object $nxt_hasher PHPass object used for checking the password
  *	against the $hash + $password
  * @uses PasswordHash::CheckPassword
  *
  * @param string $password Plaintext user's password
  * @param string $hash Hash of the user's password to check against.
  * @return bool False, if the $password does not match the hashed password
  */
 function check_password($password, $hash, $user_id = '')
 {
     global $nxt_hasher, $nxt_users_object;
     list($hash, $broken) = array_pad(explode('---', $hash), 2, '');
     // If the hash is still md5...
     if (strlen($hash) <= 32) {
         $check = $hash == md5($password);
         if ($check && $user_id && !$broken) {
             // Rehash using new hash.
             $nxt_users_object->set_password($password, $user_id);
             $hash = nxt_Pass::hash_password($password);
         }
         return apply_filters('check_password', $check, $password, $hash, $user_id);
     }
     // If the stored hash is longer than an MD5, presume the
     // new style phpass portable hash.
     if (empty($nxt_hasher)) {
         require_once BACKPRESS_PATH . 'class.passwordhash.php';
         // By default, use the portable hash from phpass
         $nxt_hasher = new PasswordHash(8, TRUE);
     }
     $check = $nxt_hasher->CheckPassword($password, $hash);
     return apply_filters('check_password', $check, $password, $hash, $user_id);
 }
 /**
  * set_password() - Updates the user's password with a new encrypted one
  *
  * For integration with other applications, this function can be
  * overwritten to instead use the other package password checking
  * algorithm.
  *
  * @since 2.5
  * @uses nxt_Pass::hash_password() Used to encrypt the user's password before passing to the database
  *
  * @param string $password The plaintext new user password
  * @param int $user_id User ID
  */
 function set_password($password, $user_id)
 {
     $user = $this->get_user($user_id);
     if (!$user || is_nxt_error($user)) {
         return $user;
     }
     $user_id = $user->ID;
     $hash = nxt_Pass::hash_password($password);
     $this->update_user($user->ID, array('user_pass' => $password));
 }
 function bb_hash_password($password)
 {
     return nxt_Pass::hash_password($password);
 }