示例#1
 /**
  *	Extension of password validation to handle more types
  *
  *	@param string $pword - plaintext password as entered by user
  *	@param string $login_name - string used to log in (could actually be email address)
  *	@param string $stored_hash - required value for password to match
  *	@param integer $password_type - constant specifying the type of password to check against
  *
  *	@return PASSWORD_INVALID|PASSWORD_VALID|string
  *		PASSWORD_INVALID if no match
  *		PASSWORD_VALID if valid password
  *		Return a new hash to store if valid password but non-preferred encoding
  */
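 public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
 {
     // Verifies $pword against $stored_hash for several legacy/imported hash formats.
     // Every case either returns early or leaves two strings to compare at the end:
     // $pwHash (derived from the submitted password) and $stored_hash (reduced to the digest part).
     //
     // NOTE(review): the unsalted/salted MD5, SHA1 and plaintext formats below are weak at rest and
     // are verified here for compatibility only. No branch in this method builds a replacement hash;
     // only the delegated parent call could return one, so re-hashing after a successful legacy
     // login appears to be left to the caller - confirm.
     switch ($password_type) {
         case PASSWORD_GENERAL_MD5:
         case PASSWORD_E107_MD5:
             $pwHash = md5($pword);
             break;
         case PASSWORD_GENERAL_SHA1:
             // A SHA1 hex digest is always 40 characters; anything else cannot match.
             if (strlen($stored_hash) !== 40) {
                 return PASSWORD_INVALID;
             }
             $pwHash = sha1($pword);
             break;
         case PASSWORD_JOOMLA_SALT:
         case PASSWORD_MAMBO_SALT:
             if (strpos($stored_hash, ':') === false || strlen($stored_hash) < 40) {
                 return PASSWORD_INVALID;
             }
             // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
             list($hash, $salt) = explode(':', $stored_hash);
             $pwHash = md5($pword . $salt);
             $stored_hash = $hash;
             break;
         case PASSWORD_MAGENTO_SALT:
             $hash = $salt = '';
             if (strpos($stored_hash, ':') !== false) {
                 list($hash, $salt) = explode(':', $stored_hash);
             } else {
                 $hash = $stored_hash;
             }
             // The 32-character length check on $hash was disabled in the original (its return was
             // commented out) and stays disabled; a digest of another length fails the final comparison.
             // Test the salt against '' rather than for truthiness, so that a salt of "0" is still applied.
             $pwHash = ($salt !== '') ? md5($salt . $pword) : md5($pword);
             $stored_hash = $hash;
             break;
         case PASSWORD_E107_SALT:
             // Delegate to the parent handler. The submitted password is $pword; the previous code
             // passed an undefined $password, so the parent never saw what the user typed.
             return parent::CheckPassword($pword, $login_name, $stored_hash);
         case PASSWORD_PHPBB_SALT:
         case PASSWORD_WORDPRESS_SALT:
             if (strlen($stored_hash) !== 34) {
                 return PASSWORD_INVALID;
             }
             $pwHash = $this->crypt_private($pword, $stored_hash, $password_type);
             // A result starting with '*' is treated as failure; an empty or non-string result is
             // rejected as well instead of being indexed.
             if (!is_string($pwHash) || $pwHash === '' || $pwHash[0] === '*') {
                 return PASSWORD_INVALID;
             }
             // Drop the first 12 characters of the stored value before comparing.
             // NOTE(review): presumably crypt_private() returns only the part after that prefix - confirm.
             $stored_hash = substr($stored_hash, 12);
             break;
         case PASSWORD_PLAINTEXT:
             // NOTE(review): stored plaintext passwords; supported for imported accounts only.
             $pwHash = $pword;
             break;
         default:
             return PASSWORD_INVALID;
     }
     // Compare with hash_equals() rather than '!=': loose comparison treats numeric-looking strings
     // as numbers, so two different digests could be accepted as equal. hash_equals() compares the
     // bytes exactly and in time that does not depend on where the strings differ.
     if (!hash_equals((string) $stored_hash, (string) $pwHash)) {
         return PASSWORD_INVALID;
     }
     return PASSWORD_VALID;
 }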