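info = $userinfo ?? User::start()->info; }

    /**
     * Verify a login password against the stored hash and upgrade the hash when needed.
     *
     * The stored value may be a hash understood by password_verify() or a legacy
     * md5() hex digest. The stored hash is rewritten only after the supplied
     * password has actually matched it.
     *
     * @param string $password     Plaintext password supplied by the caller.
     * @param string $passwordHash Hash currently stored for the account.
     * @param string $login        Login used to select the row when the hash is rewritten.
     *
     * @return bool True only when $password matches $passwordHash.
     */
    public static function isGood(string $password, string $passwordHash, string $login): bool
    {
        $modernMatch = password_verify($password, $passwordHash);

        // Legacy rows hold an unsalted md5() digest; hash_equals() keeps the
        // comparison constant-time.
        $legacyMatch = !$modernMatch && hash_equals($passwordHash, md5($password));

        if (!$modernMatch && !$legacyMatch) {
            // A failed check must never reach the rehash below. The previous code
            // evaluated password_needs_rehash() on this path, so for any stored hash
            // that was outdated (every legacy md5 row included) a wrong password was
            // accepted and written over the real one.
            return false;
        }

        // Upgrade the stored hash now that the plaintext is known to be correct:
        // always for legacy md5 rows, otherwise when PASSWORD_DEFAULT has moved on.
        if ($legacyMatch || password_needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
        }

        return true;
    }

    /**
     * Start a password change for the current user and return the resulting hash.
     *
     * When the guard below fails, nothing is written and the currently stored hash
     * is returned. Otherwise the new hash is either parked in `emailconfirmation`
     * (accounts with e-mail confirmation enabled) or written straight to `users`.
     *
     * NOTE(review): the guard requires $old === $new, so the change only proceeds
     * when both arguments are identical and match the stored hash. Confirm that
     * this is the intended contract for these two parameters.
     *
     * @param string $old Password checked against the stored hash.
     * @param string $new Password to hash and store.
     *
     * @return string The newly generated hash, or the stored hash when nothing changed.
     */
    public function changeFirst(string $old, string $new): string
    {
        $currentHash = $this->info['pass'];

        if ($old !== $new || !password_verify($old, $currentHash)) {
            return $currentHash;
        }

        if ($this->info['emailconfirmation'] === 1) {
            // Pending change: the hash goes into the pa_em column with pass = 1 and
            // is keyed by a confirmation code from PassGen::intCode(10).
            $query = 'insert into emailconfirmation (id, code, pa_em, pass) values (?,?,?,1)';
            $code = PassGen::intCode(10);
            $hashedPass = password_hash($new, PASSWORD_DEFAULT);
            $args = [
                $this->info['id'],
                $code,
                $hashedPass,
            ];
            // NOTE(review): the plaintext $new is handed to Confirmation::byEmail();
            // verify that it is not placed in the outgoing message.
            Confirmation::byEmail($this->info, 'пароль', $new, $code);
        } else {
            // Immediate change; securetime is set 259200 seconds (72 hours) ahead.
            $query = 'update users set pass = ?, securetime = unix_timestamp() + 259200 where id = ?';
            $hashedPass = password_hash($new, PASSWORD_DEFAULT);
            $args = [
                $hashedPass,
                $this->info['id'],
            ];
        }

        Db::sql($query, $args);

        return $hashedPass;
    }
}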