The following logic is used by both the database function and the equivalent PHP code.
-
If we are not interested in checking the passwords then return.
-
Select an old password from the control table.
-
Extract the salt from the old password.
-
Use the salt to encrypt the new password (provided in the clear).
-
Compare the newly encrypted password with our loaded value.
-
If the two match return to the calling routine with a TRUE value.
-
If we have any more stored passwords to check go to step 2
-
With no more passwords to check return to the caller with a FALSE value.