3 namespace wcf\system\user\authentication\password\algorithm
;
5 use ParagonIE\ConstantTime\Hex
;
6 use wcf\system\user\authentication\password\IPasswordAlgorithm
;
9 * Implementation of the password algorithm for WoltLab Community Framework 1.x (wcf1).
11 * @author Joshua Ruesweg
12 * @copyright 2001-2020 WoltLab GmbH
13 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
14 * @package WoltLabSuite\Core\System\User\Authentication\Password\Algorithm
17 final class Wcf1
implements IPasswordAlgorithm
22 public function verify(string $password, string $hash): bool
24 [$hash, $salt] = \
explode(':', $hash, 2);
26 return \
hash_equals($hash, $this->hashWithSalt($password, $salt));
32 public function hash(string $password): string
34 $salt = Hex
::encode(\random_bytes
(20));
36 return $this->hashWithSalt($password, $salt) . ':' . $salt;
40 * Returns the hashed password, hashed with a given salt.
42 private function hashWithSalt(string $password, string $salt): string
44 return \
sha1($salt . \
sha1($salt . \
sha1($password)));
50 public function needsRehash(string $hash): bool