app/controllers/UserController.php: in settingsAction() use Phalcon\Security::hash() instead of password_hash()

app/controllers/UserController.php

@@ -31,7 +31,7 @@ class UserController extends ControllerBase
                 $new_pw = $form->getValue('passwordNew');
                 if (strlen($new_pw) > 0) {
 
-                    $hash = password_hash($new_pw, PASSWORD_BCRYPT);
+                    $hash = $this->security->hash($new_pw, 12);
 
                     // User had a password before. just update.
                     if (strlen($user->getPassword()) > 0) {