From 07cb27f14f8ccef60f47b1b4039c4e9a6d009a17 Mon Sep 17 00:00:00 2001
From: dmjohnsson23 <dmjohn235@gmail.com>
Date: Thu, 14 Oct 2021 10:20:35 -0600
Subject: [PATCH] Correct rehash check to use actual hash

---
 includes/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/user.php b/includes/user.php
index 03af795b0..162b8ae22 100644
--- a/includes/user.php
+++ b/includes/user.php
@@ -56,7 +56,7 @@ function user_valid_login ( $login, $password, $silent=false ) {
       } else {
         // New-Style Secure Password
         $okay = password_verify ( $password, $expected_hash );
-        $rehash = password_needs_rehash ( $hash, PASSWORD_DEFAULT );
+        $rehash = password_needs_rehash ( $expected_hash, PASSWORD_DEFAULT );
       }
       // Upgrade insecurely stored passwords
       if ( $okay && $rehash ){