mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-07-31 13:20:11 +02:00
Code Issues Releases Wiki Activity

Automatically re-hash passwords over time when necessary

Browse Source
This commit is contained in:
Marco
2016-02-22 18:55:41 +01:00
parent 2f8aaec42a
commit b1fa54efc9
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Auth.php
View File

@@ -289,6 +289,12 @@ class Auth {
$userData = $stmt->fetch(\PDO::FETCH_ASSOC); $userData = $stmt->fetch(\PDO::FETCH_ASSOC);
if ($userData !== false) { if ($userData !== false) {
if (password_verify($password, $userData['password'])) { if (password_verify($password, $userData['password'])) {
// if the password needs to be re-hashed to keep up with improving password cracking techniques
if (password_needs_rehash($userData['password'], PASSWORD_DEFAULT)) {
// create a new hash from the password and update it in the database
$this->updatePassword($userData['id'], $password);
}
if ($userData['verified'] == 1) { if ($userData['verified'] == 1) {
$this->onLoginSuccessful($userData['id'], $email, $userData['username'], false); $this->onLoginSuccessful($userData['id'], $email, $userData['username'], false);