예제 #1
#
# Check a plaintext password against the hash stored on a user row and,
# when the check passes on a non-bcrypt hash, re-store the password.
#
# $password - candidate plaintext password.
# $user     - user row, passed by reference; reads 'password' and 'id'.
#             Replaced with the result of users_get_by_id() after a
#             successful users_update_password() call.
# $more     - options; 'ensure_bcrypt' (default 1) enables the re-store step.
#
# Returns whatever passwords_validate_password() returned.
#
function passwords_validate_password_for_user($password, &$user, $more = array())
{
    # caller-supplied options override the default
    $options = array_merge(array('ensure_bcrypt' => 1), $more);

    $stored_hash = $user['password'];

    # Only the '$2a$' prefix counts as bcrypt here.
    # NOTE(review): a hash carrying another bcrypt prefix (e.g. '$2y$') would
    # be treated as legacy and validated with use_bcrypt = 0 - confirm which
    # prefix the project's bcrypt helper emits.
    if (substr($stored_hash, 0, 4) == '$2a$') {
        $uses_bcrypt = 1;
    } else {
        $uses_bcrypt = 0;
    }

    $matched = passwords_validate_password($password, $stored_hash, array('use_bcrypt' => $uses_bcrypt));

    # Upgrade only after a successful check, so a failed guess never rewrites
    # the stored credential.
    $should_upgrade = $matched
        && !$uses_bcrypt
        && $options['ensure_bcrypt']
        && $GLOBALS['passwords_canhas_bcrypt'];

    if ($should_upgrade) {
        # presumably users_update_password() re-hashes with bcrypt - verify
        # against its definition. $user is by-ref, so the caller sees the
        # refreshed row.
        $was_updated = users_update_password($user, $password);
        if ($was_updated) {
            $user = users_get_by_id($user['id']);
        }
    }

    return $matched;
}
예제 #2
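#
# Check a plaintext password against the hash stored on a user row,
# promoting a legacy HMAC-SHA256 hash when the configuration allows it.
#
# $password - candidate plaintext password.
# $user     - user row, passed by reference; reads 'password' and 'id'.
#             Replaced with the result of users_get_by_id() after a
#             successful users_update_password() call.
#
# Returns true/false from the legacy comparison on the promotion path,
# otherwise whatever passwords_validate_password() returns.
#
function passwords_validate_password_for_user($password, &$user)
{
    #
    # if this is *not* a bcrypt hash, but we allow promotion,
    # then verify & promote it.
    #
    # NOTE(review): only the '$2a$' prefix is recognised as bcrypt; confirm
    # that is the only prefix the project's bcrypt helper emits.
    #
    $is_bcrypt = substr($user['password'], 0, 4) === '$2a$';
    if ($GLOBALS['cfg']['passwords_use_bcrypt'] && $GLOBALS['cfg']['passwords_allow_promotion'] && !$is_bcrypt) {
        $test = hash_hmac("sha256", $password, $GLOBALS['cfg']['crypto_password_secret']);

        #
        # hash_equals() instead of '==': loose comparison treats two
        # numeric-looking hex digests (e.g. of the form 0e<digits>) as equal
        # numbers, and it is not constant-time. hash_equals() compares the
        # strings byte for byte in time independent of where they differ.
        #
        $is_ok = hash_equals((string) $user['password'], $test);
        if ($is_ok) {
            # promotion happens only after a successful check, so a failed
            # guess never rewrites the stored credential.
            # note the pass-by-ref above
            if (users_update_password($user, $password)) {
                $user = users_get_by_id($user['id']);
            }
        }
        return $is_ok;
    }
    #
    # simple case
    #
    return passwords_validate_password($password, $user['password']);
}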
예제 #3
#
# Look up a user by e-mail address and return the row only when the
# account is not marked deleted and the password validates.
#
# $email    - e-mail address passed to users_get_by_email().
# $password - candidate plaintext password.
#
# Returns the user row on success, null in every failure case, so the
# caller cannot tell an unknown address from a wrong password by the
# return value.
#
# NOTE(review): unknown and deleted accounts return before any password
# check runs, so response time may still differ from a wrong-password
# attempt; rate-limiting at the caller is worth confirming.
#
function users_get_by_login($email, $password)
{
    $account = users_get_by_email($email);

    # no such user, or the account has been deleted
    if (!$account || $account['deleted']) {
        return null;
    }

    $password_ok = passwords_validate_password($password, $account['password']);

    return $password_ok ? $account : null;
}