/**
* Compare a password-like code to a hashed value, to determine if they match.
*
* Note that this is not limited only to use for user login passwords, but can be used where ever a human-readable
* password-like code is needed.
*
* @param string $unhashedPassword The password-like code entered by the user.
* @param string $hashedPassword The hashed password-like code that the entered password-like code is to be compared to.
*
* @return bool True if the $unhashedPassword matches the $hashedPassword with the given hashing method; false if they do not
* match, or if there was an error (such as an empty password or invalid code).
*/
public static function passwordsMatch($unhashedPassword, $hashedPassword)
{
$passwordsMatch = false;
if (!isset($unhashedPassword) || !is_string($unhashedPassword) || empty($unhashedPassword)) {
return LogUtil::registerArgsError();
}
if (!isset($hashedPassword) || !is_string($hashedPassword) || empty($hashedPassword) || strpos($hashedPassword, UsersConstant::SALT_DELIM) === false) {
return LogUtil::registerArgsError();
}
$passwordsMatch = SecurityUtil::checkSaltedHash($unhashedPassword, $hashedPassword, self::getPasswordHashMethods(true), UsersConstant::SALT_DELIM);
return $passwordsMatch;
}
/**
* Compare a password-like code to a hashed value, to determine if they match.
*
* Note that this is not limited only to use for user login passwords, but can be used where ever a human-readable
* password-like code is needed.
*
* @param string $unhashedPassword The password-like code entered by the user.
* @param string $hashedPassword The hashed password-like code that the entered password-like code is to be compared to.
*
* @return bool True if the $unhashedPassword matches the $hashedPassword with the given hashing method; false if they do not
* match, or if there was an error (such as an empty password or invalid code).
*/
public static function passwordsMatch($unhashedPassword, $hashedPassword)
{
$passwordsMatch = false;
if (!isset($unhashedPassword) || !is_string($unhashedPassword) || empty($unhashedPassword)) {
throw new \InvalidArgumentException(__('Invalid arguments array received'));
}
if (!isset($hashedPassword) || !is_string($hashedPassword) || empty($hashedPassword) || strpos($hashedPassword, UsersConstant::SALT_DELIM) === false) {
throw new \InvalidArgumentException(__('Invalid arguments array received'));
}
$passwordsMatch = SecurityUtil::checkSaltedHash($unhashedPassword, $hashedPassword, self::getPasswordHashMethods(true), UsersConstant::SALT_DELIM);
return $passwordsMatch;
}
