function verifyPassword($username, $password, $hash, &$rehash) {
if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
// update to new hashing algorithm
$oldHash = Validation::encryptCredentials($username, $password, false, true);
if ($oldHash === $hash) {
// update hash
$rehash = Validation::encryptCredentials($username, $password);
return true;
}
}
return password_verify($password, $hash);
}
DB1哈希
md5(md5($pass))