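/**
 * Authenticate user.
 *
 * If user password needs to be updated, new information will be saved.
 *
 * When a legacy plain-text password is still stored on the account it is checked
 * first. On a match it is replaced by a freshly created hash and the plain-text
 * property is unset before the account is saved.
 *
 * @param string $password Plaintext password.
 * @return bool
 */
public function authenticate($password)
{
    $save = false;

    // Plain-text is still stored
    if ($this->password) {
        // Compare the secrets in constant time whenever both sides are strings, so
        // the comparison itself does not reveal how much of the guess was correct.
        // Non-string values keep the original strict comparison.
        $matches = (is_string($password) && is_string($this->password))
            ? hash_equals($this->password, $password)
            : $password === $this->password;

        if (!$matches) {
            // Plain-text passwords do not match, we know we should fail but execute
            // verify to protect us from timing attacks and return false regardless of
            // the result
            Authentication::verify($password, self::getGrav()['config']->get('system.security.default_hash'));

            return false;
        }

        // Plain-text does match, we can update the hash and proceed
        $save = true;
        $this->hashed_password = Authentication::create($this->password);
        unset($this->password);
    }

    $result = Authentication::verify($password, $this->hashed_password);

    // Password needs to be updated, save the file.
    // NOTE(review): loose comparison kept because verify()'s return type is not
    // visible here; switch to === once it is confirmed to return int.
    if ($result == 2) {
        $save = true;
        $this->hashed_password = Authentication::create($password);
    }

    if ($save) {
        $this->save();
    }

    return (bool) $result;
}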
/**
 * Authenticate user.
 *
 * Verifies the supplied plaintext password against the credential held in
 * $this->password. When verification reports that the password needs to be
 * updated (result 2), a new value is created from the supplied password and
 * the user is saved.
 *
 * @param string $password Plaintext password.
 * @return bool Verification result cast to boolean.
 */
public function authenticate($password)
{
    $outcome = Authentication::verify($password, $this->password);

    // Nothing to refresh: report the verification outcome as-is.
    if ($outcome != 2) {
        return (bool) $outcome;
    }

    // Password needs to be updated, save the file.
    $this->password = Authentication::create($password);
    $this->save();

    return (bool) $outcome;
}