From b1fa54efc9f2e33b39d6fdc219afbcd93cda17e7 Mon Sep 17 00:00:00 2001
From: Marco
Date: Mon, 22 Feb 2016 18:55:41 +0100
Subject: [PATCH] Automatically re-hash passwords over time when necessary
---
 src/Auth.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/Auth.php b/src/Auth.php
index a13fce9..e81f7e5 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -289,6 +289,12 @@ class Auth {
 $userData = $stmt->fetch(\PDO::FETCH_ASSOC);
 if ($userData !== false) {
 if (password_verify($password, $userData['password'])) {
+ // if the password needs to be re-hashed to keep up with improving password cracking techniques
+ if (password_needs_rehash($userData['password'], PASSWORD_DEFAULT)) {
+ // create a new hash from the password and update it in the database
+ $this->updatePassword($userData['id'], $password);
+ }
+
 if ($userData['verified'] == 1) {
 $this->onLoginSuccessful($userData['id'], $email, $userData['username'], false);
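Review bot: The added `password_needs_rehash($userData['password'], PASSWORD_DEFAULT)` check only behaves as intended if `updatePassword()` hashes with the same algorithm and options, and that method is outside this hunk. If it passes an explicit cost or a different algorithm, the check can stay true after the update and rewrite the row on every login. I would record the coupling above the check with `// must mirror the algorithm and options of the password_hash() call in updatePassword()`. The re-hash also runs inline before the `verified` branch, so if `updatePassword()` can throw on a database error, a user who just supplied the correct password would be refused login over hash maintenance. It would be safer to treat the re-hash as best-effort, logging a failure and continuing. The enclosing login method starts and ends outside the hunk.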