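/**
 * Checks a submitted password against the value stored for a user handle.
 *
 * The stored value is openssl_encrypt() applied to password . salt with the
 * method, key and IV read from userConfig.ini; the same transform is
 * recomputed here and compared in constant time with hash_equals().
 *
 * NOTE(review): openssl_encrypt() is reversible encryption, not a password
 * hash — whoever holds userConfig.ini can recover every plaintext password.
 * Moving the store to password_hash()/password_verify() would remove that
 * risk; the scheme is kept as-is here so existing stored values keep verifying.
 *
 * @param string $handle   user handle; passed through UserDatabase::sanitize()
 * @param string $password submitted password; also passed through
 *                         UserDatabase::sanitize(), so the stored value must have
 *                         been created from the sanitized form — confirm against
 *                         the code that writes Users.userPasswordHash
 * @return bool true only when a stored value exists and matches; false on any
 *              failure (unreadable or incomplete config, unknown cipher, no
 *              matching row, database exception)
 */
public static function validatePassword($handle, $password): bool
{
    $handle = UserDatabase::sanitize($handle);
    $password = UserDatabase::sanitize($password);
    $selectQuery = "SELECT userPasswordHash from Users WHERE userHandle=:handle";

    try {
        # Get Database
        $db = Database::getDB();

        # Get User Salt
        $salt = UserDatabase::getUserSalt($handle, $db);

        # Parse .ini Config File (three directories above this file)
        $configPath = dirname(__FILE__) . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "userConfig.ini";
        # parse_ini_file() signals failure with false, not null; the earlier
        # `=== null` test never fired, so a missing file reached openssl_encrypt().
        $passArray = parse_ini_file($configPath);
        if ($passArray === false) {
            return false;
        }
        if (!isset($passArray["method"], $passArray["password"], $passArray["initVector"])) {
            # Incomplete config: fail closed instead of letting a TypeError
            # escape the catch below (TypeError is not an Exception).
            return false;
        }
        $method = $passArray["method"];
        $hashPassword = $passArray["password"];
        $initVector = $passArray["initVector"];

        # Hash Password
        $calculatedHash = openssl_encrypt($password . $salt, $method, $hashPassword, 0, $initVector);
        if ($calculatedHash === false) {
            # Unknown cipher or bad key/IV length: fail closed rather than hand
            # false to hash_equals().
            return false;
        }

        # Get Stored Password Hash
        $statement = $db->prepare($selectQuery);
        $statement->bindParam(":handle", $handle);
        $statement->execute();
        $userHashSets = $statement->fetchAll(PDO::FETCH_ASSOC);
        $statement->closeCursor();

        # Existing behaviour kept: if several rows match the handle, the last
        # one wins. A handle should map to one row — worth a uniqueness
        # constraint on Users.userHandle if there is none.
        $storedHash = null;
        foreach ($userHashSets as $userHash) {
            $storedHash = $userHash["userPasswordHash"];
        }
        if (empty($storedHash)) {
            return false;
        }

        # Compare Hashes in constant time so response timing does not reveal
        # how many leading bytes of the stored value matched.
        return hash_equals($calculatedHash, (string) $storedHash);
    } catch (Exception $e) {
        # Any database or lookup failure denies authentication.
        return false;
    }
}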