auge8472 / My-Little-Forum-1

My Little Forum 1 is a thread based forum with additional board and nested views
GNU General Public License v2.0

Replace md5 with password_hash to store passwords in a more secure way #39

Closed auge8472 closed 4 years ago

auge8472 commented 4 years ago

The passwords for newly registered users are stored from now on with the function password_hash. Passwords of already registered users will be compared with the old md5 implementation in case of a hash with a string length of 32 chars. In this case I assume the hash was made with md5. When the comparison succeeds, a new hash will get generated with password_hash and this new hash replaces the old md5-based hash in the user's dataset.

The same procedure gets executed in case of the forgot-password function when one confirms the generate-new-password link in the e-mail.

This fixes #38.
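
The upgrade-on-login procedure described in this pull request, as an added PHP example that is not the project's own code. The function name, the return shape and the sample users are hypothetical, and the hex-digit check on the 32-character branch is an assumption beyond the length test the description mentions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from My Little Forum).
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
 * stored hash should be replaced in the user's record.
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    // Legacy branch: a 32-character hex string is treated as unsalted md5.
    if (strlen($storedHash) === 32 && ctype_xdigit($storedHash)) {
        // hash_equals compares in constant time.
        if (!hash_equals(strtolower($storedHash), md5($password))) {
            return [false, null];
        }
        // Correct password: hand back a password_hash value to store instead.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Current branch: hash was produced by password_hash.
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Refresh if PHP's default algorithm or cost has changed since storage.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Constructed sample data standing in for the user table.
$users = [
    'alice' => md5('correct horse'),                          // legacy md5 row
    'bob'   => password_hash('hunter2!', PASSWORD_DEFAULT),   // already migrated
];

$attempts = [['alice', 'wrong'], ['alice', 'correct horse'], ['bob', 'hunter2!']];
foreach ($attempts as [$name, $password]) {
    [$ok, $newHash] = verify_and_upgrade($password, $users[$name]);
    if ($newHash !== null) {
        $users[$name] = $newHash; // in the forum this would be an UPDATE on the user row
    }
    $algo = password_get_info($users[$name])['algoName']; // "unknown" for md5 rows
    printf("%-5s %-8s stored as: %s\n", $name, $ok ? 'ok' : 'rejected', $algo);
}
```

A failed attempt leaves the md5 row untouched; only a successful comparison replaces it, so accounts that never log in again keep their md5 hash until a password reset.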