/**
* Returns true if the given password is the correct password for this user.
*
* @param string $password
* @return boolean password correct
*/
public function checkPassword($password) {
$isValid = false;
$rebuild = false;
// check if password is a valid bcrypt hash
if (PasswordUtil::isBlowfish($this->password)) {
if (PasswordUtil::isDifferentBlowfish($this->password)) {
$rebuild = true;
}
// password is correct
if (PasswordUtil::secureCompare($this->password, PasswordUtil::getDoubleSaltedHash($password, $this->password))) {
$isValid = true;
}
}
else {
// different encryption type
if (PasswordUtil::checkPassword($this->username, $password, $this->password)) {
$isValid = true;
$rebuild = true;
}
}
// create new password hash, either different encryption or different blowfish cost factor
if ($rebuild) {
$userEditor = new UserEditor($this);
$userEditor->update(array(
'password' => $password
));
}
return $isValid;
}
