+ * @param mixed $user_info
+ * @param string $password
+ * @return int|boolean
+ * @deprecated since version 3.6
+ * @see User::getIdFromPasswordAuthentication()
+ */
+ public static function authenticate($user_info, $password)
+ {
+ try {
+ return self::getIdFromPasswordAuthentication($user_info, $password);
+ } catch (Exception $ex) {
+ return false;
+ }
+ }
+
+ /**
+ * Returns the user id associated with a successful password authentication
+ *
+ * @brief Authenticate a user with a clear text password
+ * @param mixed $user_info
+ * @param string $password
+ * @return int User Id if authentication is successful
+ * @throws Exception
+ */
+ public static function getIdFromPasswordAuthentication($user_info, $password)
+ {
+ $user = self::getAuthenticationInfo($user_info);
+
+ if (strpos($user['password'], '$') === false) {
+ //Legacy hash that has not been replaced by a new hash yet
+ if (self::hashPasswordLegacy($password) === $user['password']) {
+ self::updatePassword($user['uid'], $password);
+
+ return $user['uid'];
+ }
+ } elseif (!empty($user['legacy_password'])) {
+ //Legacy hash that has been double-hashed and not replaced by a new hash yet
+ //Warning: `legacy_password` is not necessary in sync with the content of `password`
+ if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
+ self::updatePassword($user['uid'], $password);
+
+ return $user['uid'];
+ }
+ } elseif (password_verify($password, $user['password'])) {
+ //New password hash
+ if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
+ self::updatePassword($user['uid'], $password);
+ }
+
+ return $user['uid'];
+ }
+
+ throw new Exception(L10n::t('Login failed'));
+ }
+
+ /**
+ * Returns authentication info from various parameters types