Untitled

<?php

    function createpasswordhash($user, $raw_pass)
    {
        // this should ONLY be used to create NEW passwords, as
        // the salt is based on the time
        $salt = sha1($user . array_sum(explode(' ', microtime())));
        $raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));

        return $raw;
    }

    function checkpassword($user, $pass, $hash)
    {
        $salt = substr($hash, 0, 40);
        $check = $salt . sha1(sha1($user) . sha1($salt . $pass));

        if($check == $hash) return true;

        return false;
    }

    function checkLogin($user, $rawpass)
    {
        $user = mysql_real_escape_string($user);
        if(isUserBanned($user)) return 'User is banned.';

        global $DB;
        $query = $DB->Query("SELECT `password`, `active`, `enabled` FROM `users` WHERE `username` = '{$user}' LIMIT 1", __FILE__, __LINE);

        if(!$query) return 'Username or password not found.';
        $row = $DB->Fetch($query);
        if(checkpassword($user, $rawpass, $row['password']))
        {
            if($row['active'] == 0) return 'This account is not yet activated.';
            if($row['enabled'] == 0) return 'This account has been disabled.';

            return '';
        }

        return 'Invalid username/password combination.';
    }

    function validpassword($user, $pass)
    {
        // i dont really use this...basically, it checks for some normal characters
        // and also that the username isnt in the password, or too similar
        $pa = 0;

        $matches = array();
        preg_match('/[^a-zA-Z0-9_\.]/', $user, $matches);

        if(isset($matches[0]))          return 1;

        if(strlen($pass) < 6)               return 2;
        if(strpos($pass, $user))            return 3;

        similar_text($user, $pass, $pa);
        if($pa >= 40)                       return 4;

        return 0;
    }

?>