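/**
 * Check a username/password pair against the phpBB users table.
 *
 * Assumes the caller has already accepted the username as $username and the
 * password as $password before calling this function.
 *
 * The lookup uses a prepared statement: $username is untrusted input and must
 * never be concatenated into the SQL text. The removed mysql_* API is
 * replaced by mysqli, which supports bound parameters.
 *
 * @param string $username Account name as submitted by the user (untrusted).
 * @param string $password Plain-text password as submitted by the user.
 * @return bool True only when the stored hash matches the supplied password.
 */
function check_auth($username, $password)
{
    // Placeholder connection settings from the original listing. In a real
    // deployment, load these from configuration kept outside the web root
    // and use a database account limited to SELECT on the users table.
    $host = 'somehost';
    $sqluser = 'someuser';
    $sqlpass = 'somepass';

    // Anything that is not a string (e.g. an array from a crafted request)
    // cannot be a valid credential; refuse it before touching the database.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // NOTE: where mysqli is configured to throw (the default from PHP 8.1),
    // a failed connect or query raises mysqli_sql_exception instead of
    // returning false, and that exception propagates to the caller.
    $link = mysqli_connect($host, $sqluser, $sqlpass);
    if (!$link) {
        // Same generic message as before: no connection details are leaked.
        die("Could not connect");
    }

    $dbhash = null;
    $stmt = mysqli_prepare(
        $link,
        'SELECT user_password FROM db.phpbb_users WHERE username = ?'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $fetched);
            // fetch() returns true for a row, null for "no row", false on error.
            if (mysqli_stmt_fetch($stmt) === true) {
                $dbhash = $fetched;
            }
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // Unknown user, query failure or empty/NULL hash column: fail closed.
    if (!is_string($dbhash) || $dbhash === '') {
        return false;
    }

    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    if (strlen($dbhash) == 34) {
        // 34 characters is the length of a phpBB "$H$" portable hash.
        // hash_it() returns '*' for a malformed setting, which can never
        // equal a stored hash, so a bad row also fails closed.
        $pwhash = hash_it($password, $dbhash, $itoa64);
    } else {
        // Legacy rows hold a plain, unsalted MD5. This is kept only so old
        // accounts can still log in; such rows should be rehashed with a
        // modern scheme after a successful login.
        $pwhash = md5($password);
    }

    // Constant-time comparison (PHP >= 5.6) so the time taken does not
    // reveal how many leading characters of the hash matched.
    return hash_equals($dbhash, $pwhash);
}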
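/**
 * Compute a phpBB "$H$" portable hash (copied from phpBB's
 * _hash_crypt_private function).
 *
 * The stored hash doubles as the "setting": characters 0-2 are the '$H$'
 * identifier, character 3 encodes log2 of the iteration count, and
 * characters 4-11 are the salt. The returned string is those first 12
 * characters followed by the encoded digest.
 *
 * @param string $password Plain-text password to hash.
 * @param string $setting  Stored hash (or at least its first 12 characters).
 * @param string $itoa64   64-character alphabet, passed by reference as in phpBB.
 * @return string The computed hash, or '*' when $setting is not usable. '*'
 *                can never equal a valid stored hash, so callers that
 *                compare the result fail closed.
 */
function hash_it($password, $setting, &$itoa64)
{
    $output = '*';

    // Identifier (3) + cost character (1) + salt (8) = 12 characters minimum.
    // Rejecting short or non-string settings here avoids reading an
    // undefined string offset further down.
    if (!is_string($setting) || strlen($setting) < 12) {
        return $output;
    }

    // Check for correct hash
    if (substr($setting, 0, 3) !== '$H$') {
        return $output;
    }

    // strpos() returns false for a cost character outside the alphabet;
    // test for that explicitly rather than relying on false < 7.
    $count_log2 = strpos($itoa64, $setting[3]);
    if ($count_log2 === false || $count_log2 < 7 || $count_log2 > 30) {
        return $output;
    }

    // Iteration count is 2^count_log2; the cost comes from the stored hash.
    $count = 1 << $count_log2;

    $salt = substr($setting, 4, 8);
    if (strlen($salt) !== 8) {
        return $output;
    }

    /**
     * We're kind of forced to use MD5 here since it's the only
     * cryptographic primitive available in all versions of PHP
     * currently in use. To implement our own low-level crypto
     * in PHP would result in much worse performance and
     * consequently in lower iteration counts and hashes that are
     * quicker to crack (by non-PHP code).
     *
     * NOTE(review): that rationale dates from the original phpBB code.
     * This routine is only for verifying existing "$H$" hashes; new
     * hashes are better created with password_hash().
     */
    // version_compare() avoids comparing the PHP_VERSION string to a number.
    if (version_compare(PHP_VERSION, '5.0.0', '>=')) {
        // md5(..., true) yields the raw 16-byte digest directly.
        $hash = md5($salt . $password, true);
        do {
            $hash = md5($hash . $password, true);
        } while (--$count);
    } else {
        // Older PHP: convert the hex digest to raw bytes by hand.
        $hash = pack('H*', md5($salt . $password));
        do {
            $hash = pack('H*', md5($hash . $password));
        } while (--$count);
    }

    // Re-emit identifier, cost and salt, then append the encoded digest.
    $output = substr($setting, 0, 12);
    $output .= _hash_encode64($hash, 16, $itoa64);

    return $output;
}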
/**
 * Encode the first $count bytes of $input with the 64-character alphabet
 * in $itoa64 (copied from phpBB).
 *
 * Bytes are consumed in groups of up to three, packed least-significant
 * byte first, and emitted six bits at a time starting from the low bits.
 * A full group of three bytes yields four characters; a trailing group of
 * one or two bytes yields two or three characters.
 *
 * @param string $input   Raw bytes to encode.
 * @param int    $count   Number of bytes of $input to encode.
 * @param string $itoa64  64-character alphabet, passed by reference as in phpBB.
 * @return string The encoded text.
 */
function _hash_encode64($input, $count, &$itoa64)
{
    $encoded = '';
    $offset = 0;

    do {
        // How many bytes are still to be encoded, counting this group.
        $remaining = $count - $offset;

        // Pack up to three bytes into one integer, first byte lowest.
        $bits = ord($input[$offset]);
        if ($remaining > 1) {
            $bits |= ord($input[$offset + 1]) << 8;
        }
        if ($remaining > 2) {
            $bits |= ord($input[$offset + 2]) << 16;
        }

        // The first two characters are always emitted for a group.
        $encoded .= $itoa64[$bits & 0x3f] . $itoa64[($bits >> 6) & 0x3f];

        // The third and fourth only when the group has two / three bytes.
        if ($remaining > 1) {
            $encoded .= $itoa64[($bits >> 12) & 0x3f];
        }
        if ($remaining > 2) {
            $encoded .= $itoa64[($bits >> 18) & 0x3f];
        }

        $offset += 3;
    } while ($remaining > 3);

    return $encoded;
}