
Untitled

a guest
Jun 22nd, 2017
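  // Assumes the caller has already collected the username as $username and the
  // password as $password before calling check_auth().
  //
  // Looks up the stored phpBB password hash for $username and returns true only
  // when $password hashes to the same value. Returns false when the user does
  // not exist, the query fails, or the hashes differ.
  //
  // Security notes:
  //  - $username is untrusted input. It is bound as a statement parameter and
  //    never concatenated into the SQL text, which closes the SQL injection in
  //    the string-built query this function used before.
  //  - The old mysql_* API (ext/mysql) was removed in PHP 7.0; mysqli is used
  //    instead.
  function check_auth($username, $password)
  {
      // Placeholder credentials. Load real ones from configuration kept outside
      // the web root, and give this account SELECT on the users table only.
      $host = 'somehost';
      $sqluser = 'someuser';
      $sqlpass = 'somepass';

      $link = mysqli_connect($host, $sqluser, $sqlpass);
      if (!$link)
      {
          die("Could not connect");
      }

      // Parameterised lookup; the table name stays schema-qualified as before
      // because no default database is selected on this connection.
      $dbhash = null;
      $stmt = mysqli_prepare(
          $link,
          'SELECT user_password FROM db.phpbb_users WHERE username = ? LIMIT 1'
      );
      if ($stmt)
      {
          mysqli_stmt_bind_param($stmt, 's', $username);
          if (mysqli_stmt_execute($stmt))
          {
              mysqli_stmt_bind_result($stmt, $stored);
              if (mysqli_stmt_fetch($stmt))
              {
                  $dbhash = $stored;
              }
          }
          mysqli_stmt_close($stmt);
      }

      // The connection is only needed for this one lookup; release it here
      // instead of leaving it open until the script ends.
      mysqli_close($link);

      // Unknown user, failed query or empty column: reject without hashing.
      if (!is_string($dbhash) || $dbhash === '')
      {
          return false;
      }

      $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

      if (strlen($dbhash) == 34)
      {
          // 34 characters is the length of a phpBB portable ("$H$") hash.
          $pwhash = hash_it($password, $dbhash, $itoa64);
      }
      else
      {
          // Any other length is treated as a bare, unsalted MD5 hex digest.
          // That format is cheap to brute-force; accounts still stored this
          // way should be re-hashed after their next successful login.
          $pwhash = md5($password);
      }

      // Compare in constant time where the runtime offers it (PHP 5.6+), so the
      // comparison does not leak how many leading characters matched.
      if (function_exists('hash_equals'))
      {
          return hash_equals($dbhash, $pwhash);
      }

      return $pwhash === $dbhash;
  }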
  // Copy of phpBB's _hash_crypt_private function.
  //
  // Recomputes a phpBB portable hash for $password using the cost and salt
  // embedded in $setting (an existing "$H$..." hash). Returns the recomputed
  // hash string, or '*' when $setting is not a usable portable hash. '*' is not
  // a character of the $itoa64 alphabet and the real result always starts with
  // the first 12 characters of $setting, so '*' cannot equal a valid hash.
  //
  // Security note: this scheme is iterated, salted MD5. Keep it only to verify
  // hashes that already exist; it is not a good choice for hashing new
  // passwords.
  function hash_it($password, $setting, &$itoa64)
  {
      $failure = '*';

      // Only the "$H$" portable-hash prefix is accepted.
      if (substr($setting, 0, 3) != '$H$') {
          return $failure;
      }

      // Character 3 encodes log2 of the iteration count as an index into
      // the alphabet; anything outside 7..30 is rejected.
      $log2 = strpos($itoa64, $setting[3]);
      if ($log2 < 7 || $log2 > 30) {
          return $failure;
      }
      $rounds = 1 << $log2;

      // The 8 characters after the cost character are the salt.
      $salt = substr($setting, 4, 8);
      if (strlen($salt) != 8) {
          return $failure;
      }

      /**
       * MD5 is used because it is the only cryptographic primitive available
       * in every PHP version this code targets. A hand-written primitive in
       * PHP would be much slower, which would force lower iteration counts
       * and give hashes that are quicker to crack with non-PHP code.
       */
      if (PHP_VERSION >= 5) {
          // Raw (binary) MD5 output is available directly.
          $digest = md5($salt . $password, true);
          for ($left = $rounds; $left > 0; $left--) {
              $digest = md5($digest . $password, true);
          }
      } else {
          // Older interpreters: convert the hex digest to raw bytes by hand.
          $digest = pack('H*', md5($salt . $password));
          for ($left = $rounds; $left > 0; $left--) {
              $digest = pack('H*', md5($digest . $password));
          }
      }

      // Result = "$H$" + cost character + salt, then the encoded 16-byte digest.
      return substr($setting, 0, 12) . _hash_encode64($digest, 16, $itoa64);
  }
  // Copy of phpBB's _hash_encode64 function.
  //
  // Encodes the first $count bytes of $input with the 64-character alphabet in
  // $itoa64. Bytes are consumed in groups of up to three, least-significant
  // byte first, and each group is emitted as 6-bit symbols starting from the
  // low bits. This is not standard Base64: the alphabet and bit order differ.
  function _hash_encode64($input, $count, &$itoa64)
  {
      $encoded = '';
      $pos = 0;

      while (true) {
          // First byte of the group: emit its low 6 bits.
          $bits = ord($input[$pos]);
          $pos++;
          $encoded .= $itoa64[$bits & 0x3f];

          // Second byte, if any, fills bits 8..15.
          if ($pos < $count) {
              $bits |= ord($input[$pos]) << 8;
          }
          $encoded .= $itoa64[($bits >> 6) & 0x3f];

          // Stop when the group held only one byte.
          if ($pos++ >= $count) {
              break;
          }

          // Third byte, if any, fills bits 16..23.
          if ($pos < $count) {
              $bits |= ord($input[$pos]) << 16;
          }
          $encoded .= $itoa64[($bits >> 12) & 0x3f];

          // Stop when the group held only two bytes.
          if ($pos++ >= $count) {
              break;
          }

          // Full three-byte group: emit the top 6 bits.
          $encoded .= $itoa64[($bits >> 18) & 0x3f];

          if (!($pos < $count)) {
              break;
          }
      }

      return $encoded;
  }