Rev 454 | Rev 457 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 454 | Rev 456 | ||
---|---|---|---|
Line 122... | Line 122... | ||
122 | public static function adminCheckPassword($password) { |
122 | public static function adminCheckPassword($password) { |
123 | $passwordData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
123 | $passwordData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
124 | if (empty($passwordData)) { |
124 | if (empty($passwordData)) { |
125 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
125 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
126 | } |
126 | } |
- | 127 | ||
127 | if (strpos($passwordData, '$') !== false) { |
128 | if (strpos($passwordData, '$') !== false) { |
- | 129 | if ($passwordData[0] == '$') { |
|
- | 130 | // Version 3: BCrypt |
|
- | 131 | return password_verify($password, $passwordData); |
|
- | 132 | } else { |
|
- | 133 | // Version 2: SHA3-512 without salt |
|
128 | list($s_salt, $hash) = explode('$', $passwordData, 2); |
134 | list($s_salt, $hash) = explode('$', $passwordData, 2); |
- | 135 | } |
|
129 | } else { |
136 | } else { |
- | 137 | // Version 1: SHA3-512 without salt |
|
130 | $s_salt = ''; |
138 | $s_salt = ''; |
131 | $hash = $passwordData; |
139 | $hash = $passwordData; |
132 | } |
140 | } |
133 | return strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0; |
141 | return strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0; |
134 | } |
142 | } |