diff options
Diffstat (limited to 'classes/user.php')
| -rw-r--r-- | classes/user.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/classes/user.php b/classes/user.php index 261fa3d..e50f773 100644 --- a/classes/user.php +++ b/classes/user.php @@ -44,7 +44,7 @@ class user { public static function hash($password, $cost=null) { return password_hash( $password, - PASSWORD_DEFAULT, + constants::password_algo, ['cost' => is_null($cost) ? constants::password_cost : $cost] ); } @@ -148,7 +148,14 @@ class user { * @return bool True iff the password can be accepted */ public function verifyPassword($password) { - return password_verify($password, $this->password); + if (!password_verify($password, $this->password)) { + return false; + } + if (password_needs_rehash($this->password, constants::password_algo, + ['cost' => constants::password_cost])) { + $this->setPassword($password); + } + return true; } /** |