PasswordVerify: Difference between revisions

From Multi Theft Auto: Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 18: Line 18:
{{New feature/item|3.0156|1.5.6||
{{New feature/item|3.0156|1.5.6||
*'''options:''' addvanced options
*'''options:''' addvanced options
**'''insecureBcrypt:''' If set to ''true'', you can use the ''$2a$'' prefix for bcrypt hashes as well. <span style="color:red">It is strongly not recommended to use it though, because the underlying implementation has a bug that leads to such hashes being relatively easy to crack.</span> This bug was fixed for ''$2y''.
**'''insecureBcrypt:''' If set to ''true'', you can use the ''$2a$'' prefix for bcrypt hashes as well. '''It is strongly not recommended to use it though, because the underlying implementation has a bug that leads to such hashes being relatively easy to crack.''' This bug was fixed for ''$2y''.
}}
}}
{{New feature/item|3.0154|1.5.4|11281|
{{New feature/item|3.0154|1.5.4|11281|

Revision as of 05:35, 4 September 2018

This template is no longer in use as it results in poor readability. This function verifies whether a password matches a password hash.

[[|link=|]] Warning: It is strongly recommended to use the async version of the function (i.e. provide a callback function). Otherwise, you will experience short freezes due to the slow nature of the bcrypt algorithm

Syntax

bool passwordVerify ( string password, string hash[, table options, function callback] )  

Required Arguments

  • password: The password to check.
  • hash: A supported hash (see passwordHash). Note that only the prefix $2y$ is supported for type bcrypt (older prefixes can cause security issues).

Optional Arguments

  • options: addvanced options
    • insecureBcrypt: If set to true, you can use the $2a$ prefix for bcrypt hashes as well. It is strongly not recommended to use it though, because the underlying implementation has a bug that leads to such hashes being relatively easy to crack. This bug was fixed for $2y.
  • callback: providing a callback will run this function asynchronously, the arguments to the callback are the same as the returned values below.

Returns

Returns true if the password matches the hash. Returns false if the password does not match, or if an unknown hash was passed. If a callback was provided, the aforementioned values are arguments to the callback, and this function will always return true.

Example

See passwordHash example.

See Also