/**
 * Check if a user has a SHA1 password hash, allow login if the password hashes match, then update the stored hash to the WP format.
 *
 * This is a slight modification of https://gist.github.com/maxrice/3203636
 *
 * Hooks into the check_password filter; mostly copied from the md5 upgrade function in pluggable.php/wp_check_password.
 *
 * @param bool   $check    Result passed in by the check_password filter
 * @param string $password Plain-text password supplied at login
 * @param string $hash     Stored password hash
 * @param string $user_id  User ID
 * @return bool Result of the SHA1 hash comparison, or $check if $hash is not a SHA1 hash
 */
function check_osqa_sha1_password( $check, $password, $hash, $user_id ) {
    if ( is_osqa_sha1( $hash ) ) {
        // Stored format is sha1$<salt>$<digest>
        $hashparts = explode( '$', $hash );
        $salt      = $hashparts[1];
        // Use hash_equals() rather than ==: it compares in constant time and never
        // treats number-like digests (e.g. "0e1234...") as numerically equal
        $check = hash_equals( $hashparts[2], sha1( $salt . $password ) );
        if ( $check && $user_id ) {
            // Rehash using new proper WP hash (wp_set_password() hashes and stores it)
            wp_set_password( $password, $user_id );
            // Allow login
            return true;
        } else {
            // SHA1 hash in db, but the SHA1 hash of the provided $password did not match
            // (or no $user_id was given). Do not allow login.
            return false;
        }
    }
    // Not a SHA1 password, so return what was passed
    return $check;
}
/**
 * Check if provided string is a SHA1 hash
 */
function is_osqa_sha1( $str ) {
    return (bool) preg_match( '/^sha1\$[0-9a-f]{5}\$.*$/i', $str );
}
// Check if hashed password is SHA1 and update as necessary, see function comments
add_filter( 'check_password', 'check_osqa_sha1_password', 10, 4 );