feat: set passwordIsValid to false

leafsphp · Mar 2, 2023 · 29a9721 · 29a9721
1 parent d22dad9
commit 29a9721
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Auth.php b/src/Auth.php
@@ -51,13 +51,13 @@ public static function login(array $credentials)
         }
 
         if (static::$settings['AUTH_NO_PASS'] === false) {
-            $passwordIsValid = true;
+            $passwordIsValid = false;
 
             if (static::$settings['PASSWORD_VERIFY'] !== false && isset($user[$passKey])) {
                 if (is_callable(static::$settings['PASSWORD_VERIFY'])) {
                     $passwordIsValid = call_user_func(static::$settings['PASSWORD_VERIFY'], $password, $user[$passKey]);
                 } else if (static::$settings['PASSWORD_VERIFY'] === Password::MD5) {
-                    $passwordIsValid = (md5($password) === $user[$passKey]);
+                    $passwordIsValid = md5($password) === $user[$passKey];
                 } else {
                     $passwordIsValid = Password::verify($password, $user[$passKey]);
                 }