public static function check_password($password, $hash) { // check whether the stored hash is using password_hash() or Punbb::hash() $password_needs_rehash = password_needs_rehash($hash, PASSWORD_DEFAULT); return !$password_needs_rehash && password_verify($password, $hash) || $password_needs_rehash && Punbb::punHash($password) === $hash; }