game/_incl_data/class/User/Password.php


<?php
namespace User;
use Core\Db;
use PassGen;
use User;
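/**
 * Verification and rotation of a user's primary password (`pass`) and
 * secondary numeric password (`pass2`).
 */
class Password
{
    /** User row this instance operates on; the methods read `id`, `pass` and `emailconfirmation`. */
    private array $info = [];

    /**
     * @param array $userinfo User row to operate on.
     */
    public function __construct(array $userinfo)
    {
        // NOTE(review): $userinfo is a non-nullable array, so this fallback to the
        // current user can never fire; confirm whether `?array $userinfo = null` was intended.
        $this->info = $userinfo ?? User::start()->info;
    }

    /**
     * Checks a login password against the stored hash and upgrades the stored
     * hash when it is outdated.
     *
     * The stored hash is rewritten only after the supplied password has been
     * proven correct. password_needs_rehash() looks only at the format of the
     * stored hash (it is true for every legacy md5() value), so it must never
     * decide on its own whether a login succeeds.
     *
     * @param string $password     Plaintext password supplied by the caller.
     * @param string $passwordHash Hash stored for the account (password_hash() output or legacy md5()).
     * @param string $login        Login whose row is updated when the hash is upgraded.
     *
     * @return bool True only if $password matches $passwordHash.
     */
    public static function isGood(string $password, string $passwordHash, string $login): bool
    {
        if (password_verify($password, $passwordHash)) {
            // Correct password: refresh the hash if PASSWORD_DEFAULT or its options changed.
            if (password_needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
                self::storeHash($password, $login);
            }

            return true;
        }

        // Legacy accounts still hold an unsalted md5() digest. Compare in constant
        // time and convert the account to password_hash() on the first good login.
        if (hash_equals($passwordHash, md5($password))) {
            self::storeHash($password, $login);

            return true;
        }

        return false;
    }

    /**
     * Replaces the stored hash for $login with a fresh PASSWORD_DEFAULT hash of $password.
     */
    private static function storeHash(string $password, string $login): void
    {
        $hash = password_hash($password, PASSWORD_DEFAULT);
        Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
    }

    /**
     * Changes the primary password.
     *
     * @param string $old Password the caller presents as the current one.
     * @param string $new Requested new password.
     *
     * @return string The new hash when the guard passes, otherwise the hash already held in $this->info['pass'].
     */
    public function changeFirst(string $old, string $new): string
    {
        // NOTE(review): the guard only passes when $old === $new, i.e. when the "new"
        // password is the current one. Confirm whether `!==` (or a separate
        // "repeat new password" argument) was intended.
        if ($old !== $new || !password_verify($old, $this->info['pass'])) {
            return $this->info['pass'];
        }

        // NOTE(review): strict comparison with int 1; if the database layer returns
        // strings this branch is never taken. Verify against Db.
        if ($this->info['emailconfirmation'] === 1) {
            // The change is parked in `emailconfirmation` together with a 10-digit code.
            $query = 'insert into emailconfirmation (id, code, pa_em, pass) values (?,?,?,1)';
            $code = PassGen::intCode(10);
            $hashedPass = password_hash($new, PASSWORD_DEFAULT);
            $args = [
                $this->info['id'],
                $code,
                $hashedPass,
            ];
            // NOTE(review): the plaintext password is handed to Confirmation::byEmail;
            // confirm it is not written into the mail body or into logs.
            Confirmation::byEmail($this->info, 'пароль', $new, $code);
        } else {
            // Direct update; securetime is pushed 259200 seconds (3 days) into the future.
            $query = 'update users set pass = ?, securetime = unix_timestamp() + 259200 where id = ?';
            $hashedPass = password_hash($new, PASSWORD_DEFAULT);
            $args = [
                $hashedPass,
                $this->info['id'],
            ];
        }

        Db::sql($query, $args);

        return $hashedPass;
    }

    /**
     * Generates a new numeric second password, or resets it to the column default.
     *
     * @param int|null $passLength 4, 6 or 8 to generate a code of that length; any other value resets pass2.
     *
     * @return array{pass2: string, hash: ?string} Plaintext code and its hash, or '' and null after a reset.
     */
    public function changeSecond(?int $passLength): array
    {
        $pass2 = '';
        $hash = null;

        if (in_array($passLength, [4, 6, 8], true)) {
            $query = 'update users set pass2 = ? where id = ?';
            // NOTE(review): a 4-8 digit code has a small keyspace, so the stored hash gives
            // little protection if the table leaks; attempts should be rate-limited by the caller.
            $pass2 = PassGen::intCode($passLength);
            $hash = password_hash($pass2, PASSWORD_DEFAULT);
            $args = [
                $hash,
                $this->info['id'],
            ];
            // The generated code is passed in plaintext to the e-mail confirmation helper.
            Confirmation::byEmail($this->info, 'pass2', $pass2);
        } else {
            $query = 'update users set pass2 = default where id = ?';
            $args = [$this->info['id']];
        }

        Db::sql($query, $args);

        return [
            'pass2' => $pass2,
            'hash' => $hash,
        ];
    }
}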