/** * @param User $user * @param $password * @return bool */ public static function verifyPassword($user, $password) { $password = self::preparePlainTextPassword($user->getName(), $password); if ($user->getPassword()) { // do not allow logins for users without a password if (password_verify($password, $user->getPassword())) { if (password_needs_rehash($user->getPassword(), PASSWORD_DEFAULT)) { $user->setPassword(self::getPasswordHash($user->getName(), $password)); $user->save(); } return true; } } return false; }