pass = $old_pass; $account_new = new stdClass(); $account_new->pass = $new_pass; echo "Checking old...\n"; echo user_check_password($pwd, $account_old) ? "OK\n" : "FAIL\n"; echo "old hash: ".return_hash($pwd, $account_old); echo "\nChecking new...\n"; echo user_check_password($pwd, $account_new) ? "OK\n" : "FAIL\n"; echo "new hash: ".return_hash($pwd, $account_new); function return_hash($password, $account) { if (substr($account->pass, 0, 2) == 'U$') { // This may be an updated password from user_update_7000(). Such hashes // have 'U' added as the first character and need an extra md5(). $stored_hash = substr($account->pass, 1); $password = md5($password); } else { $stored_hash = $account->pass; } $type = substr($stored_hash, 0, 3); switch ($type) { case '$S$': // A normal Drupal 7 password using sha512. $hash = _password_crypt('sha512', $password, $stored_hash); break; case '$H$': // phpBB3 uses "$H$" for the same thing as "$P$". case '$P$': // A phpass password generated using md5. This is an // imported password or from an earlier Drupal version. $hash = _password_crypt('md5', $password, $stored_hash); break; default: return FALSE; } return $hash; } ?>