/**
* Checks the plaintext password against the encrypted Password.
*
* Maintains compatibility between old version and the new cookie authentication
* protocol using PHPass library. The $hash parameter is the encrypted password
* and the function compares the plain text password when encypted similarly
* against the already encrypted password to see if they match.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* @since nxt 2.5
* @global object $nxt_hasher PHPass object used for checking the password
* against the $hash + $password
* @uses PasswordHash::CheckPassword
*
* @param string $password Plaintext user's password
* @param string $hash Hash of the user's password to check against.
* @return bool False, if the $password does not match the hashed password
*/
function check_password($password, $hash, $user_id = '')
{
global $nxt_hasher, $nxt_users_object;
list($hash, $broken) = array_pad(explode('---', $hash), 2, '');
// If the hash is still md5...
if (strlen($hash) <= 32) {
$check = $hash == md5($password);
if ($check && $user_id && !$broken) {
// Rehash using new hash.
$nxt_users_object->set_password($password, $user_id);
$hash = nxt_Pass::hash_password($password);
}
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if (empty($nxt_hasher)) {
require_once BACKPRESS_PATH . 'class.passwordhash.php';
// By default, use the portable hash from phpass
$nxt_hasher = new PasswordHash(8, TRUE);
}
$check = $nxt_hasher->CheckPassword($password, $hash);
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
/**
* set_password() - Updates the user's password with a new encrypted one
*
* For integration with other applications, this function can be
* overwritten to instead use the other package password checking
* algorithm.
*
* @since 2.5
* @uses nxt_Pass::hash_password() Used to encrypt the user's password before passing to the database
*
* @param string $password The plaintext new user password
* @param int $user_id User ID
*/
function set_password($password, $user_id)
{
$user = $this->get_user($user_id);
if (!$user || is_nxt_error($user)) {
return $user;
}
$user_id = $user->ID;
$hash = nxt_Pass::hash_password($password);
$this->update_user($user->ID, array('user_pass' => $password));
}
function bb_hash_password($password)
{
return nxt_Pass::hash_password($password);
}
