Use hash_equals method to compare the hashes.

2018-02-28 23:53:33 +01:00
parent a6a502fe7c
commit 3d901e3fc2
7 changed files with 7 additions and 7 deletions
--- a/lib/HashAlgorithm/CourierSHA1.php
+++ b/lib/HashAlgorithm/CourierSHA1.php
@@ -44,7 +44,7 @@ class CourierSHA1 implements HashAlgorithm
     */
    public function checkPassword($password, $dbHash)
    {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
    }

    /**