| 210,21 → 210,18 |
|---|
| } |
| |
| foreach ($passwordDataArray as $passwordData) { |
| if (strpos($passwordData, '$') !== false) { |
| if ($passwordData[0] == '$') { |
| // Version 3: BCrypt |
| if (password_verify($password, $passwordData)) return true; |
| } else { |
| if (str_starts_with($passwordData, '$')) { |
| // Version 3: BCrypt (or any other crypt) |
| $ok = password_verify($password, $passwordData); |
| } else if (strpos($passwordData, '$') !== false) { |
| // Version 2: SHA3-512 with salt |
| list($s_salt, $hash) = explode('$', $passwordData, 2); |
| } |
| list($salt, $hash) = explode('$', $passwordData, 2); |
| $ok = hash_equals(sha3_512($salt.$password, true), base64_decode($hash)); |
| } else { |
| // Version 1: SHA3-512 without salt |
| $s_salt = ''; |
| $hash = $passwordData; |
| $ok = hash_equals(sha3_512($password, true), base64_decode($passwordData)); |
| } |
| |
| if (hash_equals(sha3_512($s_salt.$password, true), base64_decode($hash))) return true; |
| if ($ok) return true; |
| } |
| |
| return false; |
| 359,4 → 356,3 |
|---|
| /* Nothing here; the admin password will be generated in setup_base.js , purely in the web-browser */ |
| |
| } |
| |