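/**
 * Returns true if the given password is the correct password for this user.
 *
 * Side effect: when the password has been verified AND the stored hash is not
 * in the current format (a non-bcrypt scheme, or bcrypt with a different cost
 * factor), the plain password is handed to UserEditor::update() so that a
 * fresh hash replaces the stored one. A candidate that fails verification
 * never triggers a write.
 *
 * @param string $password plain-text candidate password
 * @return boolean password correct
 */
public function checkPassword($password) {
    $isValid = false;
    $rebuild = false;

    // check if password is a valid bcrypt hash
    if (PasswordUtil::isBlowfish($this->password)) {
        // stored hash uses a different blowfish cost factor; this only marks
        // the hash as outdated, it says nothing about the candidate password
        if (PasswordUtil::isDifferentBlowfish($this->password)) {
            $rebuild = true;
        }

        // password is correct
        // NOTE(review): secureCompare() is presumably a timing-safe comparison
        // and getDoubleSaltedHash() presumably reuses the salt of the stored
        // hash -- confirm in PasswordUtil.
        if (PasswordUtil::secureCompare($this->password, PasswordUtil::getDoubleSaltedHash($password, $this->password))) {
            $isValid = true;
        }
    }
    else {
        // different encryption type
        if (PasswordUtil::checkPassword($this->username, $password, $this->password)) {
            $isValid = true;
            $rebuild = true;
        }
    }

    // create new password hash, either different encryption or different blowfish cost factor.
    // The stored credential may only be replaced by a password that has just
    // been verified; gating on $rebuild alone would let an unverified
    // candidate overwrite the hash whenever the cost factor is outdated.
    if ($isValid && $rebuild) {
        $userEditor = new UserEditor($this);
        $userEditor->update(array(
            'password' => $password
        ));
    }

    return $isValid;
}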