lithium\security\Password::check()
Compares a password and its hashed value using PHP's crypt()
. Rather than a simple string
comparison, this method uses a constant-time algorithm to defend against timing attacks.
Parameters
-
string
$password
The user-supplied plaintext password to check.
-
string
$hash
The known hashed password to compare it to.
Returns
booleanReturns a boolean indicating whether the password is correct.
Source
public static function check($password, $hash) {
return Hash::compare($hash, crypt($password, $hash));
}