data) ) { return false; } return $this->verifyPassword($password, $this->data['hash']); } private function verifyPassword($password, $storedHash): bool { if( str_starts_with($storedHash, '$wp') ){ $passwordToVerify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) ); return password_verify( $passwordToVerify, substr($storedHash, 3) ); } if (str_starts_with($storedHash, '$2y$') || str_starts_with($storedHash, '$2a$') || str_starts_with($storedHash, '$2b$')) { return password_verify($password, $storedHash); } if (strlen($storedHash) === 34 && (str_starts_with($storedHash, '$P$') || str_starts_with($storedHash, '$H$'))) { return $this->verifyPhpass($password, $storedHash); } if (strlen($storedHash) <= 32) { return hash_equals($storedHash, md5($password)); } return false; } private function verifyPhpass(string $password, string $storedHash): bool { $itoa64 = self::ITOA64; $countLog2 = strpos($itoa64, $storedHash[3]); if ($countLog2 < 7 || $countLog2 > 30) return false; $count = 1 << $countLog2; $salt = substr($storedHash, 4, 8); if (strlen($salt) !== 8) return false; $hash = md5($salt . $password, true); do { $hash = md5($hash . $password, true); } while (--$count); $output = substr($storedHash, 0, 12) . self::encode64($hash, $itoa64); return hash_equals($storedHash, $output); } private function encode64(string $input, string $itoa64): string { $output = ''; $i = 0; $count = strlen($input); do { $value = ord($input[$i++]); $output .= $itoa64[$value & 0x3f]; if ($i < $count) $value |= ord($input[$i]) << 8; $output .= $itoa64[($value >> 6) & 0x3f]; if ($i++ >= $count) break; if ($i < $count) $value |= ord($input[$i]) << 16; $output .= $itoa64[($value >> 12) & 0x3f]; if ($i++ >= $count) break; $output .= $itoa64[($value >> 18) & 0x3f]; } while ($i < $count); return $output; } public function getAuthenticationName() { return 'RomhackPlaza\Master:WordPress'; } }