<?php
$password = "chemicals1";
$expected = "{SSHA512}w/lHn2LXfNletbfyLVYutBFqUjGPzhmptyleVlehUZSZdylZCt/sDmvkhTBV1Ln4f6rzXTdM6eOGr3LX7FgGCF5/fsbs0vVq";
function compare_postfix_ssha512_hash($password, $valid_hash) {
$hash_algo = "{SSHA512}";
$salt_length = 8;
// strip the identifier from the hash (if exists)
$valid_hash = str_replace($hash_algo, "", $valid_hash);
// get the salt from the valid hash
$salt = substr(base64_decode($valid_hash), -$salt_length);
// strip the salt from the end of the valid hash
$valid_hash = base64_encode(substr(base64_decode($valid_hash), 0, -$salt_length));
// hash our password with the salt
$hash = base64_encode(hash('sha512', "{$password}{$salt}", true));
// return the comparison
return hash_equals($valid_hash, $hash);
}
var_dump(compare_postfix_ssha512_hash($password, $expected));