pnx/httpcb
Archived
1
0
Fork 0
Code Releases Activity

app/library/Auth.php: in login() use Phalcon\Security::checkHash() instead of password_verify()

Browse source
This commit is contained in:
Henrik Hautakoski 2018-08-10 20:39:16 +02:00
parent 9af7b3cc01
commit 31ac9224b3
No known key found for this signature in database
GPG key ID: 839F3A7EAFAEAFAA
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/library/Auth.php
View file

@ -28,7 +28,7 @@ class Auth extends Component
if ($user) {
// Verify password
$hash = $user->getPassword();
if (strlen($hash) > 1 && password_verify($password, $hash)) {
if (strlen($hash) > 1 && $this->security->checkHash($password, $hash)) {
$this->setIdentity($user->getId());