/** * Compare a password-like code to a hashed value, to determine if they match. * * Note that this is not limited only to use for user login passwords, but can be used where ever a human-readable * password-like code is needed. * * @param string $unhashedPassword The password-like code entered by the user. * @param string $hashedPassword The hashed password-like code that the entered password-like code is to be compared to. * * @return bool True if the $unhashedPassword matches the $hashedPassword with the given hashing method; false if they do not * match, or if there was an error (such as an empty password or invalid code). */ public static function passwordsMatch($unhashedPassword, $hashedPassword) { $passwordsMatch = false; if (!isset($unhashedPassword) || !is_string($unhashedPassword) || empty($unhashedPassword)) { return LogUtil::registerArgsError(); } if (!isset($hashedPassword) || !is_string($hashedPassword) || empty($hashedPassword) || strpos($hashedPassword, UsersConstant::SALT_DELIM) === false) { return LogUtil::registerArgsError(); } $passwordsMatch = SecurityUtil::checkSaltedHash($unhashedPassword, $hashedPassword, self::getPasswordHashMethods(true), UsersConstant::SALT_DELIM); return $passwordsMatch; }
/** * Compare a password-like code to a hashed value, to determine if they match. * * Note that this is not limited only to use for user login passwords, but can be used where ever a human-readable * password-like code is needed. * * @param string $unhashedPassword The password-like code entered by the user. * @param string $hashedPassword The hashed password-like code that the entered password-like code is to be compared to. * * @return bool True if the $unhashedPassword matches the $hashedPassword with the given hashing method; false if they do not * match, or if there was an error (such as an empty password or invalid code). */ public static function passwordsMatch($unhashedPassword, $hashedPassword) { $passwordsMatch = false; if (!isset($unhashedPassword) || !is_string($unhashedPassword) || empty($unhashedPassword)) { throw new \InvalidArgumentException(__('Invalid arguments array received')); } if (!isset($hashedPassword) || !is_string($hashedPassword) || empty($hashedPassword) || strpos($hashedPassword, UsersConstant::SALT_DELIM) === false) { throw new \InvalidArgumentException(__('Invalid arguments array received')); } $passwordsMatch = SecurityUtil::checkSaltedHash($unhashedPassword, $hashedPassword, self::getPasswordHashMethods(true), UsersConstant::SALT_DELIM); return $passwordsMatch; }