From 6a149250ae8fb159d5c8f40314b222c1c4ab1abf Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Tue, 29 Mar 2016 00:15:30 +0200
Subject: Use PHP's password_hash function

This drops a third party library, but bumps our required php version to
5.5 which is currently old stable. Earlier versions are no longer
supported by php upstream nor by us.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 application/libraries/Duser/drivers/Duser_db.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'application/libraries/Duser/drivers')

diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index b73c0e2e2..102d98023 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -32,7 +32,7 @@ class Duser_db extends Duser_Driver {
 			return false;
 		}
 
-		if (crypt($password, $query["password"]) === $query["password"]) {
+		if (password_verify($password, $query['password'])) {
 			return array(
 				"username" => $username,
 				"userid" => $query["id"]
-- 
cgit v1.2.3-24-g4f1b