<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ratatoeskr-cms/ratatoeskr/sys/PasswordHash.php, branch master</title>
<subtitle>Ratatöskr is a flexible Content Management System / Blogging Software for PHP 5.3.
</subtitle>
<id>http://git.laria.me/ratatoeskr-cms/atom?h=master</id>
<link rel='self' href='http://git.laria.me/ratatoeskr-cms/atom?h=master'/>
<link rel='alternate' type='text/html' href='http://git.laria.me/ratatoeskr-cms/'/>
<updated>2020-09-25T21:09:31Z</updated>
<entry>
<title>Use password_hash() and friends to hash and verify passwords</title>
<updated>2020-09-25T21:09:31Z</updated>
<author>
<name>Laria Carolin Chabowski</name>
<email>laria@laria.me</email>
</author>
<published>2020-09-25T21:09:31Z</published>
<link rel='alternate' type='text/html' href='http://git.laria.me/ratatoeskr-cms/commit/?id=5e347e4efaa81c2108256dc927208cd55dc10baa'/>
<id>urn:sha1:5e347e4efaa81c2108256dc927208cd55dc10baa</id>
<content type='text'>
Previously I rolled my own password hashing function. While it at least
used some sort of salt, it's still a terrible idea.

The newly created class PasswordHash wraps the password_hash() family of
functions but can also check the old password hash format (to distinguish
them, the new password hashes are prefixed with a '!'). In
PasswordHash::needsRehash we then always report a hash of the old format
as being in need of a rehash. That way, these old hashes will be replaced
the next time the user successfully logs in.
</content>
</entry>
</feed>
