aboutsummaryrefslogtreecommitdiffstats
path: root/admin/auth.php
diff options
context:
space:
mode:
authorThomas Lange <code@nerdmind.de>2021-06-20 21:23:46 +0200
committerThomas Lange <code@nerdmind.de>2021-06-20 21:23:46 +0200
commit8355f85e0a1e22f64248919a5759458ba897f0ee (patch)
treed8a071a76abd954620ed382508dd63b14290a43f /admin/auth.php
parentb95237938c64eb7355a38e3a513633e6811d2968 (diff)
downloadblog-8355f85e0a1e22f64248919a5759458ba897f0ee.tar.gz
blog-8355f85e0a1e22f64248919a5759458ba897f0ee.tar.xz
blog-8355f85e0a1e22f64248919a5759458ba897f0ee.zip
Call password_verify directly in login script
Diffstat (limited to 'admin/auth.php')
-rw-r--r--admin/auth.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/admin/auth.php b/admin/auth.php
index 8c6d5a6..9674563 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -30,8 +30,9 @@ if(Application::isAuthenticated()) {
if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
try {
$User = User\Factory::buildByUsername(HTTP::POST('username'));
+ $password = $User->getAttribute()->get('password');
- if($User->comparePassword(HTTP::POST('password'))) {
+ if(password_verify(HTTP::POST('password'), $password)) {
$_SESSION['auth'] = $User->getID();
HTTP::redirect(Application::getAdminURL());
}