Online PHP editor | refs for KVaSt

<?php declare(strict_types=1); /** * Verify a Django password (PBKDF2-SHA256) * * @param string $password The password provided by the user * @param string $djangoHash The hash stored in the Django app * @return bool * @throws Exception */ function django_password_verify(string $password, string $djangoHash): bool { $pieces = explode('$', $djangoHash); if (count($pieces) !== 4) { throw new Exception("Illegal hash format"); } list($header, $iter, $salt, $hash) = $pieces; // Get the hash algorithm used: if (preg_match('#^pbkdf2_([a-z0-9A-Z]+)$#', $header, $m)) { $algo = $m[1]; } else { throw new Exception(sprintf("Bad header (%s)", $header)); } if (!in_array($algo, hash_algos())) { throw new Exception(sprintf("Illegal hash algorithm (%s)", $algo)); } $calc = hash_pbkdf2($algo, $password, base64_decode($salt), (int) $iterations); var_dump($calc); return false; } var_dump(django_password_verify('123', 'pbkdf2_sha256$20000$MflWfLXbejfO$tNrjk42YE9ZXkg7IvXY5fikbC+H52Ipd2mf7m0azttk='));