author | Thomas Lange <code@nerdmind.de> | 2021-06-20 21:23:46 +0200 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2021-06-20 21:23:46 +0200 |
commit | 8355f85e0a1e22f64248919a5759458ba897f0ee (patch) | |
tree | d8a071a76abd954620ed382508dd63b14290a43f | |
parent | b95237938c64eb7355a38e3a513633e6811d2968 (diff) | |
Call password_verify directly in login script
-rw-r--r-- | admin/auth.php | 3 | ||||
-rw-r--r-- | core/namespace/User/Item.php | 7 |
2 files changed, 2 insertions, 8 deletions
diff --git a/admin/auth.php b/admin/auth.php
index 8c6d5a6..9674563 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -30,8 +30,9 @@ if(Application::isAuthenticated()) {
 if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
 try {
 $User = User\Factory::buildByUsername(HTTP::POST('username'));
+ $password = $User->getAttribute()->get('password');
- if($User->comparePassword(HTTP::POST('password'))) {
+ if(password_verify(HTTP::POST('password'), $password)) {
 $_SESSION['auth'] = $User->getID();
 HTTP::redirect(Application::getAdminURL());
 }
diff --git a/core/namespace/User/Item.php b/core/namespace/User/Item.php
index a4ab799..e3ecd2b 100644
--- a/core/namespace/User/Item.php
+++ b/core/namespace/User/Item.php
@@ -25,11 +25,4 @@ class Item extends \Item {
 return sha1(implode(NULL, $attributes));
 }
-
- #===============================================================================
- # Compare plaintext password with hashed password from database
- #===============================================================================
- public function comparePassword($password): bool {
- return password_verify($password, $this->Attribute->get('password'));
- }
 }
|
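Review bot: The local introduced by `$password = $User->getAttribute()->get('password');` holds the stored hash, not a password, and it sits next to `HTTP::POST('password')`; naming it `$passwordHash` (`if(password_verify(HTTP::POST('password'), $passwordHash)) {`) keeps the argument order of password_verify hard to get wrong in later edits. On the success path the hunk assigns `$_SESSION['auth']` with no visible `session_regenerate_id(true);` before it, so unless the session ID is rotated elsewhere, an ID issued before login stays valid after authentication. The catch belonging to the try block and the rest of the if body lie outside the hunk, so how an unknown username is handled cannot be checked from here.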