Add example code for how to validate SHA2 passwords in PHP.

author: Sadie Powell <sadie@witchery.services> 2024-12-15 13:23:31 +0000
committer: Sadie Powell <sadie@witchery.services> 2024-12-15 13:23:31 +0000
commit: 78b548628ca29e5f47c201fbadfcca1c81ad3133 (patch)
tree: a157ea0b08e414f0035637ffeeea5489f7f4b774 /modules/encryption/enc_sha2.cpp
parent: d0e24a50b8d93d9ee17e7c239a574f0514c502f7 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/modules/encryption/enc_sha2.cpp b/modules/encryption/enc_sha2.cpp
index d2ad99b62..5172f64cc 100644
--- a/modules/encryption/enc_sha2.cpp
+++ b/modules/encryption/enc_sha2.cpp
@@ -171,6 +171,21 @@ public:
 			if (bpos == Anope::string::npos)
 				return; // No HMAC key.
 
+			// If you are using PHP you can validate passwords like this:
+			//
+			// <?php
+			// function check_pass($user_pass, $anope_pass) {
+			// 	[$algo, $hash, $key] = explode(':', $anope_pass);
+			// 	$hash_algo           = substr($algo, 5);
+			// 	$unhex_key           = hex2bin($key);
+			// 	$user_hash           = hash_hmac($hash_algo, $user_pass, $unhex_key);
+			// 	return hash_equals($hash, $user_hash);
+			// }
+			//
+			// $anope_pass  = "hmac-sha256:5f7f039818f6e10be84dab0f49610a387d3818b2c883eacdc1778c66a7cecf3b:1a924a3b05a11d7bf3c752d820391dbe01fb7e5d83f7400765de987c3fbb0ec3";
+			// var_dump(check_pass("test12345", $anope_pass));     // valid
+			// var_dump(check_pass("test123456789", $anope_pass)); // invalid
+
 			Anope::string pass_hex(nc->pass.begin() + apos + 1, nc->pass.begin() + bpos);
 			Anope::string key_hex(nc->pass.begin() + bpos + 1, nc->pass.end());
 			Anope::string key;
author	Sadie Powell <sadie@witchery.services>	2024-12-15 13:23:31 +0000
committer	Sadie Powell <sadie@witchery.services>	2024-12-15 13:23:31 +0000
commit	78b548628ca29e5f47c201fbadfcca1c81ad3133 (patch)
tree	a157ea0b08e414f0035637ffeeea5489f7f4b774 /modules/encryption/enc_sha2.cpp
parent	d0e24a50b8d93d9ee17e7c239a574f0514c502f7 (diff)