/** * Passwords prefixed with M or C might be salted passwords: * M means: originally a md5 hash before it was salted (eg. default be_users). * C means: originally a cleartext password with lower hash looping count generated by t3sec_saltedpw. * Both M and C will be updated to usual salted hashes on first login of user. * * If a password does not start with M or C determine if a password is already a usual salted hash. * * @param string $password Password * @return bool TRUE if password is a salted hash */ protected function isSaltedHash($password) { $isSaltedHash = FALSE; if (strlen($password) > 2 && (\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'C$') || \TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'M$'))) { // Cut off M or C and test if we have a salted hash $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod(substr($password, 1)); } // Test if given password is a already a usual salted hash if (!$isSaltedHash) { $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod($password); } return $isSaltedHash; }