public function checkPassword($password)
{
if (sizeof(explode(self::HASH_SEP, $this->password)) != 3) {
// fallback
if ($this->password == sha1($password)) {
// update old password on success
$this->setPassword($password);
return true;
}
return false;
}
list($algo, $salt, $password_hash) = explode(self::HASH_SEP, $this->password);
return $password_hash === hash($algo, $salt . $password);
}