From e1ce84dfd0064c33a836b05c7287f30d6889f214 Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Tue, 26 Jul 2016 00:27:21 +0200
Subject: Added password_needs_rehash logic
---
 classes/user.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'classes/user.php')
diff --git a/classes/user.php b/classes/user.php
index 261fa3d..e50f773 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -44,7 +44,7 @@ class user {
 public static function hash($password, $cost=null) {
 return password_hash(
 $password,
- PASSWORD_DEFAULT,
+ constants::password_algo,
 ['cost' => is_null($cost) ? constants::password_cost : $cost]
 );
 }
@@ -148,7 +148,14 @@ class user {
 * @return bool True iff the password can be accepted
 */
 public function verifyPassword($password) {
- return password_verify($password, $this->password);
+ if (!password_verify($password, $this->password)) {
+ return false;
+ }
+ if (password_needs_rehash($this->password, constants::password_algo,
+ ['cost' => constants::password_cost])) {
+ $this->setPassword($password);
+ }
+ return true;
 }
 /**
--
cgit v1.2.3
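Review bot: The options array in hash() still passes only `'cost'`, which is a bcrypt option, while the algorithm is now read from `constants::password_algo`; if that constant is ever set to something other than `PASSWORD_BCRYPT`, the cost setting would no longer apply to the chosen algorithm (the constant's value is not visible in this diff). The same algorithm/options pairing is repeated in the password_needs_rehash() call in the verifyPassword hunk, so the two copies can drift apart. A comment above the call would make the coupling explicit, e.g. `// 'cost' is bcrypt-specific: keep constants::password_algo at PASSWORD_BCRYPT or update these options with it`. Pinning the algorithm also means new hashes stop following `PASSWORD_DEFAULT` when PHP changes it, so the constant needs a deliberate bump to pick up a stronger default.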
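Review bot: password_needs_rehash() in verifyPassword() reports a mismatch for any cost that differs from `constants::password_cost`, not only a lower one, so a hash created through `hash($password, $cost)` with a higher cost would be re-hashed at the default on the next successful login — assuming setPassword(), which is outside this hunk, hashes with the default cost. The result of `$this->setPassword($password)` is not checked either, so it cannot be told from here whether a failed write is reported or would turn a correct login into an error. The docblock (which starts above the hunk) still describes a pure check; I would add `* Side effect: re-hashes and stores the password when the stored hash does not match constants::password_algo / constants::password_cost.`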