Use hash_equals method to compare the hashes.

2018-02-28 23:53:33 +01:00
parent a6a502fe7c
commit 3d901e3fc2
7 changed files with 7 additions and 7 deletions
--- a/lib/HashAlgorithm/Cleartext.php
+++ b/lib/HashAlgorithm/Cleartext.php
@@ -50,6 +50,6 @@ class Cleartext implements HashAlgorithm
     */
    public function checkPassword($password, $dbHash)
    {
-        return $password === $dbHash;
+        return hash_equals($dbHash, $password);
    }
 }