diff --git a/system/src/Grav/Common/User/User.php b/system/src/Grav/Common/User/User.php index 71bbc0fc0..6528d9b0c 100644 --- a/system/src/Grav/Common/User/User.php +++ b/system/src/Grav/Common/User/User.php @@ -9,6 +9,9 @@ use Grav\Common\GravTrait; /** * User object * + * @property mixed authenticated + * @property mixed password + * @property bool|string hashed_password * @author RocketTheme * @license MIT */ @@ -57,14 +60,13 @@ class User extends Data // Plain-text is still stored if ($this->password) { - if ($password !== $this->password) { // Plain-text passwords do not match, we know we should fail but execute // verify to protect us from timing attacks and return false regardless of // the result Authentication::verify($password, self::getGrav()['config']->get('system.security.default_hash')); return false; - } else { + } else { // Plain-text does match, we can update the hash and proceed $save = true;